Jun 05 2008

FireFox Warns About MSN Phishing Sites

Published by Jianjun under Internet, Security, Software

[Image: TST Management Inc. Phishing Site]

FireFox now displays a warning (see picture on the left, click to see large image) when you are tricked into clicking on some of the ‘Pics for MSN Friends’ phishing site URLs created by the so-called ‘TST Management Inc.’

At the time of writing, a new URL emerged and, according to the ‘official’ phishing site’s server status report, “c0mpics.info” is now the most active site that’s hoaxing not only MSN users, but also ICQ users.

When you visit the phishing site (never do it!), a window pops up displaying content from ‘awesomeoffers.info’ (see picture below, click to display large image) saying, ‘We’re sorry! This offer is not available in your area. You will be redirected shortly. If you are not automatically redirectly, please click here.’ Then you are served ads from various sources.

[Image: TST Management Inc. Phishing awesomeoffers.info]

Thanks to our fellow netizens, sites such as jumphost.info, ther1ng.info, etc. were alerted as potential phishing sites by FireFox. But if you are using IE or Safari, the chances are you won’t see these warnings.

Personally I think MSN and ICQ should do their fair share of work and warn their users never to trust any offline messages containing such links. That will be the most effective and proactive way to deal with these bad guys. However, each one of us who knows about the phishing attempt can also lend a helping hand by telling our MSN/ICQ or other IM buddies about this and reporting any such sites through FireFox or IE.

Here’s how:

FireFox:

When you are on that site, click on ‘Help’ -> ‘Report Web Forgery.’

French version, click on ‘?’ -> ‘Signaler un site contrefait…’

IE:

When you are on that site, right-click this icon [Image: IE Phishing Site Report] on the bottom status bar.

*UPDATE*

Good news. As of June 6, all phishing sites from the so-called ‘TST Management Inc.’ have been down. But I am not sure if they are simply banned by the ISP in Hong Kong and are in the process of finding other server locations. If you find any further information, please let me know. Thanks.

*UPDATE-1*

The phishing sites are back on again. A new one to watch:

“freakpics.info”

5 responses so far

Apr 30 2008

Phishing Sites Exploit MSN Messenger Users

Published by Jianjun under Internet, Security

Just confirmed with an MSN buddy that he’s ‘infected with’ a new MSN link-sharing ‘virus’. As a matter of fact, I myself was fooled by this very thing a couple of weeks ago when I got a message from a close friend on MSN that contained a link to ‘her personal page’.

The message ran as follows:

“hii.. check out this.. http://real.amazing-stuff.info .. brb he!!”

Since this was from my close friend, and she was offline immediately when I got these, I guessed she might be in a hurry and hoped to connect with me using some social network, so I clicked on the link and it brought me to a web page that required me to sign in using my MSN user name and password. The page had detailed service terms and a ‘report abuse’ email and told me:

We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.

Again, since it’s ‘recommended’ by my close friend, I logged in and set up some personal page there. But since it was not very attractive, I logged off and never went there again afterwards. But my user name and password were already stolen!

I realized this on the second day when my MSN messenger automatically logged off saying another user had logged in. This is the ONE security feature of MSN messenger I love. (Skype wouldn’t prompt you with anything like this when a thousand other users logged into your account and eavesdropped on your chats!) Then I changed my password. I suspect the hacker site used my credentials to send similar links to all my contacts that day.

However, had another victim not sent me the following message today (also when he was offline!), I wouldn’t have associated these things together:

“http://username.very.c0o0lthing.info”

I immediately sent a message back to him asking if he knew about this. When he was back online he confirmed that it was some kind of ‘virus’ he got from other MSN users.

Technically speaking, this is not a virus, but phishing. Phishing sites fake other sites to steal your personal information and use it to access your accounts such as email, PayPal or Moneybookers accounts.

In this very case, the hidden criminals’ true intention is not using your email account to spread their links. Since many people use the same password for their email and other accounts such as PayPal, they could easily obtain your private financial information.

If you experienced a similar situation recently:

  1. make sure you post a status message in your MSN messenger warning all contacts not to click on any links you send out before verification;
  2. change your MSN password immediately and change the password of other accounts that share the same password;
  3. help to spread the warning by blogging about it, digging this and other related articles to fight against further phishing attempts.

The phishing site page looks like the following:

[Image: TST Management Phishing Site Login Page]

The site claims to be TST Management Inc. Here are three domain names they used (they probably use tons of other domains for such purposes) and related information:

1. pr0filepix.info

Domain ID:D24638073-LRMS
Domain Name:PR0FILEPIX.INFO
Created On:29-Apr-2008 12:16:31 UTC
Last Updated On:29-Apr-2008 12:54:46 UTC
Expiration Date:29-Apr-2009 12:16:31 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:d5574c1883d
Registrant Name:Mark Bradley
Registrant Organization:TST Management, Inc
Registrant Street1:edificio Magna Corp - 5th Floo
Registrant City:PANAMA
Registrant State/Province:PANAMA
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+1.2021577

Server IP: 210.56.53.224
Hong Kong - Dedicated Internet Access (sunhk Datacenter)
Registrant Search: “TST Management, Inc” owns about 85 other domains

2. 1FP9.INFO

Domain ID:D18304546-LRMS
Domain Name:1FP9.INFO
Created On:07-Jun-2007 10:10:35 UTC
Last Updated On:21-Apr-2008 12:59:51 UTC
Expiration Date:07-Jun-2008 10:10:35 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:OK
Registrant ID:90f98cddfd4
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577

Server IP: 216.52.184.243
Washington - Redmond - Enom

3. c0o0lthing.info

Domain ID:D24611209-LRMS
Domain Name:C0O0LTHING.INFO
Created On:27-Apr-2008 15:25:13 UTC
Last Updated On:27-Apr-2008 15:25:26 UTC
Expiration Date:27-Apr-2009 15:25:13 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:999AD5DB09046351
Registrant Name:Peter Call
Registrant Organization:Blue China Group, Ltd
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:Investment Bldg.,
Registrant Street3:48-62 Hennessy Road
Registrant City:Wanchai
Registrant State/Province:HK
Registrant Postal Code:0000
Registrant Country:HK
Registrant Phone:+852.94230671

Server IP: 65.39.175.61
Quebec - Montreal - Qitx Inc
Registrant Search: “Blue China Group, Ltd” owns about 1,669 other domains

*UPDATE*

Thanks to all visitors who provided further phishing addresses as follows (also see comments). I believe we can dig out all those bad urls soon ;):


If you know any other phishing urls of this MSN messenger scam, please leave a voice or video comment below. (The text comment function crashed my database and many comments got lost.) I’ll update this post.

*UPDATE-1*

Eric translated part of this post into German. If you are not comfortable with English and would like to read German, please visit: http://erichaas.spaces.live.com/blog/cns!20AE01BBC9DF0C0!1014.trak for the German version. Translation into other languages is also welcomed. Please link back to this article and let me know your post address and I’ll add it to this list. Thanks for your help!

*UPDATE-2*

Interesting registrant name of one of its domains (see below):

Domain ID:D24997781-LRMS
Domain Name:THER1NG.INFO
Created On:30-May-2008 14:57:47 UTC
Last Updated On:31-May-2008 10:02:05 UTC
Expiration Date:30-May-2009 14:57:47 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:47429cff5a9
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Edificio Magna Corp. 5th Floor
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
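
The four WHOIS records quoted in this post reuse registrant details across different names and organizations. The following is an added example, not part of the original post, that clusters those records on organization, street and phone to show how the domains link together; the function names and the choice of pivot fields are assumptions made for illustration.

```python
import re
# Four fields from each WHOIS record quoted on this page (other fields trimmed).
RECORDS = """\
Domain Name:PR0FILEPIX.INFO
Registrant Organization:TST Management, Inc
Registrant Street1:edificio Magna Corp - 5th Floo
Registrant Phone:+1.2021577

Domain Name:1FP9.INFO
Registrant Organization:TST Management, Inc
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Phone:+507.2021577

Domain Name:C0O0LTHING.INFO
Registrant Organization:Blue China Group, Ltd
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Phone:+852.94230671

Domain Name:THER1NG.INFO
Registrant Organization:TST Management, Inc
Registrant Street1:Edificio Magna Corp. 5th Floor
Registrant Phone:+507.2021577
"""
PIVOTS = ("Registrant Organization", "Registrant Street1", "Registrant Phone")

def parse(text):  # blank-line separated "Key:Value" records -> list of dicts
    return [dict(line.split(":", 1) for line in block.splitlines())
            for block in text.strip().split("\n\n")]

def norm(value):  # ignore case and punctuation so cosmetic edits still match
    return re.sub(r"[^a-z0-9]", "", value.lower())

def cluster(records):
    """Group domains that share any normalized pivot value (union-find)."""
    parent = {r["Domain Name"]: r["Domain Name"] for r in records}
    def find(d):
        while parent[d] != d:
            d = parent[d]
        return d
    seen = {}  # (field, normalized value) -> first domain that carried it
    for r in records:
        for f in PIVOTS:
            value = norm(r.get(f, ""))
            if value:  # empty fields must not link unrelated domains
                first = seen.setdefault((f, value), r["Domain Name"])
                parent[find(r["Domain Name"])] = find(first)
    groups = {}
    for d in parent:
        groups.setdefault(find(d), []).append(d)
    return sorted(sorted(g) for g in groups.values())
```

Calling cluster(parse(RECORDS)) puts all four domains in one group: the shared street address ties the ‘Blue China Group, Ltd’ record to a ‘TST Management, Inc’ record, and the shared phone number ties 1FP9.INFO to THER1NG.INFO.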

74 responses so far