TOKYO (MacHouse) – Yesterday, we reported a phishing website hosted at Spoono Host involving popular Internet phone software Skype. It was the third time in 5 days in which their client website was hacked and abused for phishing. The domain of the last victimized website for phishing is wintergreendesign.com. We patiently waited for Spoono Host to take down the phishing website content. 4 hours after we posted the article reporting phishing abuse, nothing was done. Inevitably, we were obliged to contact Spoono Host to report the phishing abuse.
Eventually, Spoono Host removed phishing website content. And 3 hours after we contacted them, they said “We have it under control. Thanks.” (See Screenshot 01.) Good. But really? Then what am I seeing right now with my web browser? In fact, we received another phishing e-mail message about 2 hours ago. (01/11/2008 08:08 PM Japan ST or 01/11/2008 08:08 AM US PST) (See Screenshot 02.) Again, the title is Action Required To Avoid Account Suspention with the last word misspelled. The source code reveals that one will be first directed to www.comune.castello-tesino.tn.it/up-down/ by clicking on a hyperlink provided in the message. (See Screenshot 03.) As I expected, I was eventually redirected to wintergreendesign.com. Right… It’s Spoono Host’s client website. By the way, this exploiter is known to use XML for redirection.
I wonder who is virtually running the website at wintergreendesign.com?
 Screenshot 01 |
 Screenshot 02 |
 Screenshot 03 |
 Screenshot 01 |
 Screenshot 02 |
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
