MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

23.2.10

New ZeuS phishing campaign against Google and Blogger

A new ZeuS phishing strategy is active. We previously mentioned that the trusted entities used as part of the ZeuS infection and fraud scheme included the IRS, VISA and Facebook.

The campaign now focuses its efforts on using the names of Google and Blogger. Some of the domains used are:

Phishing campaigns that follow a naming scheme similar to these (and to earlier ones) are evidence that the coverage the creators of ZeuS intend to achieve is quite broad, and other fraud campaigns similar to this one will certainly appear in the next few days.
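The hostnames used in this campaign put the genuine brand domain (www.google.com, www.blogger.com) in the left-most labels of a different domain registered under .kr. The check below is an added example, not part of the original post; its function names and sample URLs (built on the reserved .example suffix) are constructed for illustration.

```python
from urllib.parse import urlsplit

BRANDS = ("google.com", "blogger.com")  # names abused in this campaign

def host_labels(url):
    """Lower-cased DNS labels of the URL's host, without port or trailing dot."""
    if "://" not in url:
        url = "http://" + url  # bare hostname: add a scheme so urlsplit finds the host
    host = (urlsplit(url).hostname or "").lower()
    return [label for label in host.rstrip(".").split(".") if label]

def embedded_brand(url, brands=BRANDS):
    """Return the brand domain embedded in a foreign host, else None."""
    labels = host_labels(url)
    split_brands = [(b, b.split(".")) for b in brands]
    # A host that really belongs to a brand ENDS with that brand's labels.
    if any(labels[-len(parts):] == parts for _, parts in split_brands):
        return None
    # Brand labels found further left are decoration on a domain registered
    # by someone else. Whole labels are compared, so multi-label suffixes
    # such as co.kr need no public-suffix list.
    for brand, parts in split_brands:
        n = len(parts)
        for i in range(len(labels) - n):
            if labels[i:i + n] == parts:
                return brand
    return None

# Constructed sample URLs (reserved .example names, not campaign indicators).
SAMPLES = [
    "http://www.google.com/update/page.php",
    "http://www.google.com.zzzz.example/update/page.php?service=blogger",
    "WWW.Blogger.com.qqqq.ne.example.",
    "https://mail.google.com:443/",
    "http://www.blogger.com.qqqq.co.example:8080/update/page.php",
]

def flag(urls):
    """Pair every lookalike URL with the brand it imitates."""
    return [(u, embedded_brand(u)) for u in urls if embedded_brand(u)]

if __name__ == "__main__":
    for url, brand in flag(SAMPLES):
        print(f"lookalike of {brand}: {url}")
```

The same function can be run over proxy or mail-gateway logs; hosts that merely contain the brand string inside a single label (for example notgoogle.com) are a different trick and are not matched by this check.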

Related information
Facebook & VISA phishing campaign proposed by ZeuS
ZeuS on IRS Scam remains actively exploited
Zeus and the theft of sensitive information
Leveraging ZeuS to send spam through social networks
ZeuS Botnet and its zombie recruitment power
ZeuS, spam and SSL certificates
Effectiveness of antivirus against ZeuS
Special!!! ZeuS Botnet for Dummies
Botnet. Hardening in the new version of ZeuS
Fusion. A concept adopted by current crimeware
ZeuS Carding World Template. (...) the face of the botnet
Financial institutions targeted by the botnet Zeus. Part two
Financial institutions targeted by the botnet Zeus. Part one
LuckySploit, the right hand of ZeuS
Botnet Zeus. Mass propagation of his Trojan. Part two
Botnet Zeus. Mass propagation of his Trojan. Part one

Jorge Mieres
