edu skimming - try http://umich.edu.com/ nice! -- Lucy E. Lynch Academic User Services Computing Center University of Oregon llynch @darkwing.uoregon.edu (541) 346-1774 ---------- Forwarded message ---------- Date: Thu, 23 Mar 2006 12:37:24 -0800 From: David Lundy <dlundy@pacific.edu> Reply-To: UNIversity Security Operations Group <unisog@lists.sans.org> To: unisog@lists.sans.org Subject: Re: [unisog] Problems with EDU.COM domain It looks like a wild card. Things like zzz.edu.com resolve. David Lundy Acting IT Security Officer University of the Pacific
YorkJ@brcc.edu 03/23/06 11:09 AM >>> Wow, even lowly community colleges are listed in the phishing sites edu.com. They must have copied the entire .edu domain. I just called Educause (.edu registrar) to let them know about it--the lady I talked to hadn't seen it yet, but promised to send the info to their management. Thanks John
John York Network Engineer Blue Ridge Community College _______________________________________________ unisog mailing list unisog@lists.sans.org http://www.dshield.org/mailman/listinfo/unisog _______________________________________________ unisog mailing list unisog@lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
On 3/24/06, Lucy E. Lynch <llynch@darkwing.uoregon.edu> wrote:
edu skimming - try http://umich.edu.com/
edu.com is quite old as far as domains go... but its not really a phisher as far as i can see - its a purveyor of "online diplomas" from assorted universities, and some obvious diploma mills (including those of the spamming variety, such as the University of Phoenix) www.imamoron.edu.com works as well .. by the way Registrant: Vantage Media Corporation 1350 Abbot Kinney Blvd #203 Venice, California 90291 United States Registered through: GoDaddy.com Domain Name: EDU.COM Created on: 24-Nov-98 Expires on: 23-Nov-10 Last Updated on: 14-Jun-05 Administrative Contact: Administrator, Domain domainadmin@vantagemedia.com Vantage Media Corporation 1350 Abbot Kinney Blvd #203 Venice, California 90291 United States 3104823737 Fax -- Technical Contact: Administrator, Domain domainadmin@vantagemedia.com Vantage Media Corporation 1350 Abbot Kinney Blvd #203 Venice, California 90291 United States 3104823737 Fax -- Domain servers in listed order: PDNS1.ULTRADNS.NET PDNS2.ULTRADNS.NET PDNS3.ULTRADNS.ORG PDNS4.ULTRADNS.ORG PDNS5.ULTRADNS.INFO PDNS6.ULTRADNS.CO.UK
nice!
-- Lucy E. Lynch Academic User Services Computing Center University of Oregon llynch @darkwing.uoregon.edu (541) 346-1774
---------- Forwarded message ---------- Date: Thu, 23 Mar 2006 12:37:24 -0800 From: David Lundy <dlundy@pacific.edu> Reply-To: UNIversity Security Operations Group <unisog@lists.sans.org> To: unisog@lists.sans.org Subject: Re: [unisog] Problems with EDU.COM domain
It looks like a wild card. Things like zzz.edu.com resolve.
David Lundy Acting IT Security Officer University of the Pacific
YorkJ@brcc.edu 03/23/06 11:09 AM >>> Wow, even lowly community colleges are listed in the phishing sites edu.com. They must have copied the entire .edu domain. I just called Educause (.edu registrar) to let them know about it--the lady I talked to hadn't seen it yet, but promised to send the info to their management. Thanks John
John York Network Engineer Blue Ridge Community College
_______________________________________________ unisog mailing list unisog@lists.sans.org http://www.dshield.org/mailman/listinfo/unisog _______________________________________________ unisog mailing list unisog@lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Fri, 24 Mar 2006, Suresh Ramasubramanian wrote:
On 3/24/06, Lucy E. Lynch <llynch@darkwing.uoregon.edu> wrote:
edu skimming - try http://umich.edu.com/
edu.com is quite old as far as domains go... but its not really a phisher as far as i can see - its a purveyor of "online diplomas" from assorted universities, and some obvious diploma mills (including those of the spamming variety, such as the University of Phoenix)
and collecting information from students interested in enrolling at umich...
www.imamoron.edu.com works as well .. by the way
Registrant: Vantage Media Corporation 1350 Abbot Kinney Blvd #203 Venice, California 90291 United States
Registered through: GoDaddy.com Domain Name: EDU.COM Created on: 24-Nov-98 Expires on: 23-Nov-10 Last Updated on: 14-Jun-05
Administrative Contact: Administrator, Domain domainadmin@vantagemedia.com Vantage Media Corporation 1350 Abbot Kinney Blvd #203 Venice, California 90291 United States 3104823737 Fax --
Technical Contact: Administrator, Domain domainadmin@vantagemedia.com Vantage Media Corporation 1350 Abbot Kinney Blvd #203 Venice, California 90291 United States 3104823737 Fax --
Domain servers in listed order: PDNS1.ULTRADNS.NET PDNS2.ULTRADNS.NET PDNS3.ULTRADNS.ORG PDNS4.ULTRADNS.ORG PDNS5.ULTRADNS.INFO PDNS6.ULTRADNS.CO.UK
nice!
-- Lucy E. Lynch Academic User Services Computing Center University of Oregon llynch @darkwing.uoregon.edu (541) 346-1774
---------- Forwarded message ---------- Date: Thu, 23 Mar 2006 12:37:24 -0800 From: David Lundy <dlundy@pacific.edu> Reply-To: UNIversity Security Operations Group <unisog@lists.sans.org> To: unisog@lists.sans.org Subject: Re: [unisog] Problems with EDU.COM domain
It looks like a wild card. Things like zzz.edu.com resolve.
David Lundy Acting IT Security Officer University of the Pacific
YorkJ@brcc.edu 03/23/06 11:09 AM >>> Wow, even lowly community colleges are listed in the phishing sites edu.com. They must have copied the entire .edu domain. I just called Educause (.edu registrar) to let them know about it--the lady I talked to hadn't seen it yet, but promised to send the info to their management. Thanks John
John York Network Engineer Blue Ridge Community College
_______________________________________________ unisog mailing list unisog@lists.sans.org http://www.dshield.org/mailman/listinfo/unisog _______________________________________________ unisog mailing list unisog@lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
-- Suresh Ramasubramanian (ops.lists@gmail.com)
-- Lucy E. Lynch Academic User Services Computing Center University of Oregon llynch @darkwing.uoregon.edu (541) 346-1774
On 3/24/06, Lucy E. Lynch <llynch@darkwing.uoregon.edu> wrote:
edu.com is quite old as far as domains go... but its not really a phisher as far as i can see - its a purveyor of "online diplomas" from assorted universities, and some obvious diploma mills (including those of the spamming variety, such as the University of Phoenix)
and collecting information from students interested in enrolling at umich...
.. and uoregon ... yeah that too. and of course making money for a string of google ads about various diploma mills that take up most of their website space besides a short "article" on online degrees. -- Suresh Ramasubramanian (ops.lists@gmail.com)
Is this really phishing or just clever marketing to drive up spam numbers? It clearly says at the bottom of the page that it is NOT affiliated with the University. On Mar 24, 2006, at 10:09 AM, Suresh Ramasubramanian wrote:
On 3/24/06, Lucy E. Lynch <llynch@darkwing.uoregon.edu> wrote:
edu.com is quite old as far as domains go... but its not really a phisher as far as i can see - its a purveyor of "online diplomas" from assorted universities, and some obvious diploma mills (including those of the spamming variety, such as the University of Phoenix)
and collecting information from students interested in enrolling at umich...
.. and uoregon ...
yeah that too. and of course making money for a string of google ads about various diploma mills that take up most of their website space besides a short "article" on online degrees.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On 3/24/06, Luke Gill <lukegill1@aol.com> wrote:
Is this really phishing or just clever marketing to drive up spam numbers?
It clearly says at the bottom of the page that it is NOT affiliated with the University.
As I said in a previous email ..
edu.com is quite old as far as domains go... but its not really a phisher as far as i can see - its a purveyor of "online diplomas"
a marketer that's too clever by half, and got a rather convenient domain to setup a catchall on srs
On Mar 24, 2006, at 6:50 AM, Lucy E. Lynch wrote:
edu skimming - try http://umich.edu.com/
While it's kinda lame it is far from a phishing site. They even say on the submit form: "Yes! I'd like additional information from College.us.com and its marketing partners." Chances are that you will actually get something from UMich (along with a bunch of other junk too no doubt). Phishing is bad enough as it is, let's not broaden its definition to include all things we find uncool. Best, David Ulevitch
On Fri, 24 Mar 2006, David Ulevitch wrote:
On Mar 24, 2006, at 6:50 AM, Lucy E. Lynch wrote:
edu skimming - try http://umich.edu.com/
While it's kinda lame it is far from a phishing site. They even say on the submit form: "Yes! I'd like additional information from College.us.com and its marketing partners." Chances are that you will actually get something from UMich (along with a bunch of other junk too no doubt).
Phishing is bad enough as it is, let's not broaden its definition to include all things we find uncool.
actually, this is cross posted from the UNISOG list, and the schools in question have no connection with this and get no referrals from collected data.
Best, David Ulevitch
-- Lucy E. Lynch Academic User Services Computing Center University of Oregon llynch @darkwing.uoregon.edu (541) 346-1774
On Mar 24, 2006, at 8:12 AM, Lucy E. Lynch wrote:
On Fri, 24 Mar 2006, David Ulevitch wrote:
On Mar 24, 2006, at 6:50 AM, Lucy E. Lynch wrote:
edu skimming - try http://umich.edu.com/
While it's kinda lame it is far from a phishing site. They even say on the submit form: "Yes! I'd like additional information from College.us.com and its marketing partners." Chances are that you will actually get something from UMich (along with a bunch of other junk too no doubt).
Phishing is bad enough as it is, let's not broaden its definition to include all things we find uncool.
actually, this is cross posted from the UNISOG list, and the schools in question have no connection with this and get no referrals from collected data.
Your admissions office is misleading you or you just haven't asked them or they don't care to answer you. They pull leads from many sources including the College Board and numerous others. Many of those sources aggregate their data from places like this and flyers in high schools, reps and all kinds of junk. If you are really concerned, tell your school CSO to talk to Admissions and get some details. I think Admissions and Alumni Relations workers probably compete with each other over who can annoy more people. :-) Universities are often huge organizations and do all kinds of great and sometimes some not so great things. Don't be surprised. But now we're getting off-topic. Best, David Ulevitch
participants (4)
-
David Ulevitch
-
Lucy E. Lynch
-
Luke Gill
-
Suresh Ramasubramanian