Phishers Using DNS Wildcards to Fake URLs

Netcraft: Phishers Use Wildcard DNS to Build Convincing Bait URLs
The phishers use a wildcard DNS setting at a third-party redirection service (kickme.to) to construct the URLs. The wildcard allows the display of URLs beginning with “barclays.co.uk,” which is followed by a portion of the URL which is encoded to obscure the actual destination domain.

The redirector at kickme.to/has.it forwards to a Barclays spoof site hosted at Pochta.ru in Moscow. The spoof loads a page from the actual Barclays site, and then launches a data collection form in a pop-up window from the Russian server.

This is bad and I’m sure we’ll see more of this in the weeks to come. The downside here is that phishers may drive legitimate business from the web.
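
A defender-side check for the hostname pattern described above, added here as an example and not taken from the original post or the Netcraft report: it flags URLs whose host starts with (or embeds) a protected brand domain while the registrable domain is something else. The suffix table, the `PROTECTED` set, the function names and the sample URLs are constructed assumptions; real use should rely on the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: tiny constructed suffix table standing in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}
# Assumption: brand domains a mail or web filter wants to protect.
PROTECTED = {"barclays.co.uk"}


def registrable_domain(host):
    """Return the domain a registrant actually controls (suffix plus one label)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_in_subdomain(url):
    """Return (brand, real_domain) when a protected domain appears only as
    leading or inner host labels of a different registrable domain, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    real = registrable_domain(host)
    if real in PROTECTED:
        return None  # genuinely the brand's own domain
    for brand in sorted(PROTECTED):
        # Wildcard DNS lets any labels resolve, so the brand can sit in front.
        if host.startswith(brand + ".") or ("." + brand + ".") in host:
            return (brand, real)
    return None


def scan(urls):
    """Map each flagged URL to the (brand, real_domain) pair that triggered it."""
    return {u: hit for u in urls if (hit := brand_in_subdomain(u))}


# Constructed sample URLs; the encoded label is a placeholder.
SAMPLES = [
    "http://barclays.co.uk.ENCODED-PLACEHOLDER.kickme.to/",
    "https://www.barclays.co.uk/login",
    "http://example.com/barclays.co.uk",
]

if __name__ == "__main__":
    for url, (brand, real) in scan(SAMPLES).items():
        print(f"SUSPICIOUS: {url} shows {brand} but belongs to {real}")
```

The check looks only at the parsed hostname, so a brand name in the path or query string does not trigger it.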