Zscaler Announces Intent to Acquire Airgap Networks to extend Zero Trust SASE

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

QQ Phishing Sites Stay Under The Radar

image
JULIEN SOBRIER
August 16, 2010 - 2 min read

In April, Mike reported an increase of QQ phishing sites. This does not come as a surprise, QQ is the equivalent of Google + eBay + Paypal in China. QQ first started as an Instant Messaging site and has now evolved as a Chinese web giant, with e-mail, search, online auctions, online payments, etc.

QQ Security Center

The main target here is the QQ Security Center aq.qq.com, which is used, among other things, to retrieve lost passwords, confirm account ownership, etc. The phishing sites are exact copies of the original site.

Most of the sites spotted are still live, and not blocked by Google Safe Browsing or Phishtank:
  • hxxp://www.qqaq.info/
  • hxxp://aq.qq.com.inddexx.com/
  • hxxp://aqq.txfree.net/aq/
  • hxxp://aq.qq.com.cgi-get.tencant.com.cn/
  • hxxp://aq.qq.sevrivae.cn-indvx.com/index.asp
  • hxxp://qq2010hd.h7.8210.cn/qq/88.htm


Image
Phishing site hxxp://www.qaq.info/

QQ Rewards

The other popular QQ phishing target is the Reward Center, where QQ rewards users for using their services. Fake QQ Reward Centers attempt to steal user credentials. Like for the QQ Security center scam, all phishing pages are nearly identical, and not detected by Phistank or Google SafeBrowsing.

Image
QQ Reward phishing page
Some of the phishing pages are:
  • hxxp://ctqq.in/qq/
  • hxxp://asdsdf.ns3.lianfa.info/qq2010/
  • hxxp://1111aaaa.01kro.idcqq.net/3/
  • hxxp://qqtx08.tk/
  • hxxp://nghfyu585.us3.hg288m.com/qq1/
  • etc.

Image
hxxp://qqtx08.tk/ QQ phishing site
I've seen only one QQ phishing site flagged by Google Safe Browsing while reviewing more than 20 QQ phishing sites, and the domain was already down: hxxp://qqli.go.3322.org/


-- Julien
form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.