It’s VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

23 May

VKontake is Russia’s equivalent to Facebook.

VK – as it is commonly known – claims to be the largest European social network, and is particularly popular with Russian speakers who have made it the second most commonly visited website in all of Russia.


Of course, VKontakte is not immune from security and privacy challenges – and its users have to be careful about what they share, and who with, just as with any other social network.


For instance, plenty of evidence about the identity of the Koobface malware gang was fortuitously found being carelessly shared by the cybercriminals on their VKontakte profile pages.


I found myself wondering today if Western figures and celebrities like Barack Obama had attempted to make a landgrab for social media exposure on VKontakte.


Serendipitously, I made a spelling mistake. And typed “VKontakte” as “Vikontakte”.


Barack Obama on 'vikontakte'


Woah! That’s odd. The URL says the content is hosted on, but the description claims that it’s Twitter.


A visit to reveals what appears to be a familiar Twitter login page.


Twitter phishing site


However, closer inspection of the browser’s address bar confirms that it really is that you are looking at.


A closer look at the URL


I asked my colleagues in SophosLabs what they felt was occurring, and they confirmed that the site appears to have been set up for the purposes of phishing credentials.


The bogus login page will accept any random credentials you choose to enter, and redirect your browser to a .SU domain that will attempt to grab your browser’s history and other data, including (the criminals hope) your Twitter username and password.


HTML source code


Seeing as the Soviet Union ceased to exist in December 1991 (long before many of us had jumped onto the internet), you should perhaps have alarm bells ringing whenever you see a .SU domain name.


Chances are that it’s a sign that someone is up to no good.


What’s curious about this apparent phishing campaign is that the domain name is clearly designed to trick you into believing it’s one thing (VKontakte) whereas the contents of the site itself are trying to dupe into thinking it’s another (Twitter).


With a plan like this, maybe it’s no wonder the Soviet Union didn’t survive.

Internet security giants like SophosLabs has chosen to block as a phishing site.

1 Comment

Posted by on May 23, 2013 in Uncategorized


One response to “It’s VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

  1. online grocery shopping

    May 30, 2013 at 12:52 pm

    Generally I do not learn article on blogs, but I wish to say that this write-up very pressured me to try and do it! Your writing taste has been amazed me. Thank you, quite great post.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: