By: Julien Sobrier

QQ Phishing Sites Stay Under The Radar

Uncategorised

In April, Mike reported an increase of QQ phishing sites. This does not come as a surprise, QQ is the equivalent of Google + eBay + Paypal in China. QQ first started as an Instant Messaging site and has now evolved as a Chinese web giant, with e-mail, search, online auctions, online payments, etc.

QQ Security Center

The main target here is the QQ Security Center aq.qq.com, which is used, among other things, to retrieve lost passwords, confirm account ownership, etc. The phishing sites are exact copies of the original site.

Most of the sites spotted are still live, and not blocked by Google Safe Browsing or Phishtank:
  • hxxp://www.qqaq.info/
  • hxxp://aq.qq.com.inddexx.com/
  • hxxp://aqq.txfree.net/aq/
  • hxxp://aq.qq.com.cgi-get.tencant.com.cn/
  • hxxp://aq.qq.sevrivae.cn-indvx.com/index.asp
  • hxxp://qq2010hd.h7.8210.cn/qq/88.htm


Phishing site hxxp://www.qaq.info/

QQ Rewards

The other popular QQ phishing target is the Reward Center, where QQ rewards users for using their services. Fake QQ Reward Centers attempt to steal user credentials. Like for the QQ Security center scam, all phishing pages are nearly identical, and not detected by Phistank or Google SafeBrowsing.

QQ Reward phishing page
Some of the phishing pages are:
  • hxxp://ctqq.in/qq/
  • hxxp://asdsdf.ns3.lianfa.info/qq2010/
  • hxxp://1111aaaa.01kro.idcqq.net/3/
  • hxxp://qqtx08.tk/
  • hxxp://nghfyu585.us3.hg288m.com/qq1/
  • etc.

hxxp://qqtx08.tk/ QQ phishing site
I've seen only one QQ phishing site flagged by Google Safe Browsing while reviewing more than 20 QQ phishing sites, and the domain was already down: hxxp://qqli.go.3322.org/


-- Julien

Learn more about Zscaler.