MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

8.2.10

Phishing database I

Phishing is a purely criminal activity, part of the circuit that drives the illegal crimeware business; it is designed to steal money using the sensitive, private information that criminals obtain from users through illicit means.

Therefore, as a preventive measure, it is important to block access to the domains that typically host cloned pages of banks, webmail and any other Internet service that requires authentication to log in.

To that end, Phishing database was born: a compendium of fraudulent domains used in phishing campaigns, which can be used to create block lists.
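The following Python script is an added example and is not part of the original post or of the MalwareIntelligence project. It turns entries written in the format this listing uses (a defanged "h**p://" URL, an optional "(ip)" and an optional "- Country") into a hosts-file block list plus a separate IP deny list. The entry format is inferred from the listing on this page, and the sample lines are a few entries taken from it; everything else (function names, the 0.0.0.0 sink-hole address) is the example's own choice.

```python
"""Build a hosts-style block list from a defanged phishing listing.

Entries look like (format inferred from the listing on this page):
    h**p://example.tld/path/ (1.2.3.4) - Country
The scheme is written "h**p" so the listing is not clickable; the
parser undoes that, pulls the hostname (or literal IP) out of the URL,
and emits one block-list line per unique host.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Sample lines copied from the PayPal and eBay sections of the listing above.
SAMPLE_LISTING = """\
PayPal
h**p://dz-tero.com/paypal/ (74.217.128.53) - Canada
h**p://www.124nruo3kb3j903ers01.com/cgi-bin/webscr/ (195.56.18.126) - Hungary
h**p://203.101.73.204/www.paypal.com.au/security/cgi-bin/webscr.htm?cmd=_login-run - India

eBay
h**p://rahasiabisnis21.com/_space/apache_module.php (202.69.111.58) - Indonesia
h**p://190-13-160-211.bk14-ipfija.surnet.cl/.ws-cgi/index.php - Chile
"""

ENTRY_RE = re.compile(
    r"^(?P<url>h\*\*p://\S+)"          # defanged URL, no spaces inside
    r"(?:\s+\((?P<ip>[\d.]+)\))?"      # optional "(ip)" part
    r"(?:\s+-\s+(?P<country>.+))?$"    # optional "- Country" part
)


def refang(url):
    """Turn the listing's 'h**p://' back into a real scheme so urlsplit can parse it."""
    return re.sub(r"^h\*\*p(s?)://", r"http\1://", url)


def parse_listing(text):
    """Yield one dict {brand, host, ip, country} per URL entry.

    Non-entry lines (blank lines, brand headers such as "PayPal") set the
    current brand and are otherwise skipped.
    """
    brand = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            brand = line
            continue
        host = urlsplit(refang(m.group("url"))).hostname
        ip = m.group("ip")
        # Some entries put the IP directly in the URL and omit the "(ip)" part.
        if ip is None and host is not None:
            try:
                ipaddress.ip_address(host)
                ip = host
            except ValueError:
                pass
        yield {"brand": brand, "host": host, "ip": ip, "country": m.group("country")}


def build_blocklist(text):
    """Return (hosts, ips): sorted unique hostnames and IP addresses to block.

    Literal-IP hosts go into `ips` only, because a hosts file cannot
    sink-hole an IP address; those belong in a firewall deny list.
    """
    hosts, ips = set(), set()
    for e in parse_listing(text):
        if e["ip"]:
            ips.add(e["ip"])
        if e["host"] and e["host"] != e["ip"]:
            hosts.add(e["host"].lower())
    return sorted(hosts), sorted(ips, key=ipaddress.ip_address)


def hosts_file_lines(hostnames):
    """Render hostnames as hosts-file entries pointing at 0.0.0.0 (a sink-hole)."""
    return ["0.0.0.0 " + h for h in hostnames]


if __name__ == "__main__":
    hosts, ips = build_blocklist(SAMPLE_LISTING)
    print("\n".join(hosts_file_lines(hosts)))
    print("# IPs for a firewall deny list: " + ", ".join(ips))
```

Hostnames and IPs are kept apart on purpose: a hosts file or DNS sink-hole only helps for name-based entries, while entries such as the 203.101.73.204 one above are reachable by address alone and need a firewall or proxy rule instead.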

Wachovia Corporation
h**p://www.stc.lk/it/home/online.wachovia.com/accountupdate/AuthService.php?action=presentLogin&url=https%3a//onlineservices.wachovia.com/NASApp/NavApp/Titanium%3faction%3dreturnHome (96.30.15.196) - United States

PayPal
h**p://aurelie-et-arnaud.me/img/paypal/verify/login.php (213.186.33.87) - France
h**p://www.yvescochet.net/.secure.paypal.fr/verified_by_paypal/webscrcmd=_login-run/cgi-bin/_login/ (213.186.33.2) - France
h**p://dz-tero.com/paypal/ (74.217.128.53) - Canada
h**p://www.paypal.com.0ytyz0oxg18bu.124nruo3kb3j903ers01.com/cgi-bin/webscr/?login-dispatch&login_email=unnimay@aol.com&ref=pp&login-processing=ok (195.56.18.126) - Hungary
h**p://www.124nruo3kb3j903ers01.com/cgi-bin/webscr/ (195.56.18.126) - Hungary
h**p://www.syrianaction.com/data/.confirm/paypal/ (88.198.217.51) - Germany
h**p://www.paypalcomservupdate.intl-paypal1.com/us/cgi-bin/?cmd=_login-run (218.36.124.140) - Korea, Republic Of
h**p://ukghd.com/images/www.paypal.com/cgi-bin/webscr.htm?cmd=_login-run (85.192.32.211) - Russian Federation
h**p://203.101.73.204/www.paypal.com.au/security/cgi-bin/webscr.htm?cmd=_login-run - India
h**p://52274548.es.strato-hosting.eu/lol/webscr.php?cmd=LogIn (81.169.145.81) - Germany
h**p://www.kules.knows.nl/cgi/ (91.121.2.117) - France
h**p://lejournalduthesard.info/help/css/update/online-information/fr/verefication-compte/online-update/webscr.php?cmd=_login-run&dispatch=5885d80a13c0db1f1ff80d546411d7f84f1036d8f209d3d19ebb6f4eeec8bd0e57b2ad7d754c297ea32a3580bcf6dcb357b2ad7d754c297ea32a3580bcf6dcb3
h**p://208.101.19.98/~mikorg/ - United States
h**p://iwww.cz.cc/PayPal.fr/paypal/fr/webscr.php?cmd=_login-run&dispatch=5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efc0779736997661668caf8ff5d99e81fe40779736997661668caf8ff5d99e81fe4

egg
h**p://www.luxor2020.com/about/files/Image/jpg/txt/neweggcom/security/customer/index.html (207.210.125.219) - United States

CUA
h**p://www.zoi-creation.com/customers.cua.com.au/webbanker/CUA/2/notice.htm
h**p://www.zoi-creation.com/customers.cua.com.au/webbanker/CUA/ (93.184.35.226) - France

HSBC
h**p://cmodz-hosting.com/upload/cache/IBlogin.html (66.102.237.82) - United States
h**p://www.w650-france.com//forum/modules/index.html (213.186.33.4) - France
h**p://www.ifsb.co.kr/bbs/data/guest/gold/folder/folder/New%20Folder/United2/Folder/Folder/Folder/Folder/Folder/Folder/Folder/empty/empty/empty/United2/United/United/United/HSBC/index.html (210.102.34.17) - Korea, Republic Of
h**p://dodongminhhien.com/modules/pib-home/2/1/personal/hsbc.co.uk/IBlogin.html (203.113.173.20) - Viet Nam

eBay
h**p://rahasiabisnis21.com/_space/apache_module.php (202.69.111.58) - Indonesia
h**p://www.ebay.motors-cgi-items.com/cars-trucks_2003-BMW330I_W0QQitemZ15982632345413QQihZ012QQcategory-cars-trucksZ21983317QQssPageNameZWDVWQQrdZ1QQcmdZViewItems/index2.php (69.147.83.187) - United States
h**p://190-13-160-211.bk14-ipfija.surnet.cl/.ws-cgi/index.php - Chile
h**p://7beginnings.com/~sothebys/assets/profile/ws/login.html (203.211.129.222) - Singapore

JPMorgan Chase Bank
h**p://7beginnings.com/~sothebys/assets/profile/auth/secure/chase-sec/onlinebanking.chase.com=logon_confirm/ (203.211.129.222) - Singapore

In this case, the same host, at IP address 203.101.73.204's neighbour in the list, 203.211.129.222, serves both a phishing page against eBay and another against JPMorgan Chase Bank. The site is controlled by a PHP shell called !islamicshell v. edition ADVANCED!.

The truth is that, beyond uploading cloned web pages, the attacker can quietly do other things, such as spreading malware of any kind from the server that hosts the site, or defacing it (a very common use of PHP shells).

Lloyds TSB Bank
h**p://www.ifsb.co.kr/bbs/data/guest/gold/folder/folder/New%20Folder/United2/Folder/Folder/Folder/Folder/Folder/Folder/Folder/empty/empty/empty/United2/United/United/United/Lloyds/customer.php (210.102.34.17) - Korea, Republic Of

Barclays
h**p://www.ifsb.co.kr/bbs/data/guest/gold/folder/folder/New%20Folder/United2/Folder/Folder/Folder/Folder/Folder/Folder/Folder/empty/empty/empty/United2/United/United/United/Barclays/LoginMember.login.htm (210.102.34.17) - Korea, Republic Of

Canada Revenue Agency
h**p://221.134.144.147/cra-arc.gc.ca/esrvc-srvce/tx/ndvdls/myrefund/getStatus_en.htm

Poste italiane
h**p://fgewfgewdfsa.pochta.ru/posste.html (82.204.219.221) - RU
h**p://mesagio-postepay.xaker.ru/postpayleg-clientesdasdhit.html (194.67.36.117) - RU

Abbey
h**p://www.velositas.com/update/myonlineacounts2.abbeynational.co.uk/Logonaction=prepared/Logonaction=prepare/ (75.126.202.209) - US

Jorge Mieres

4 comments:

Monika said...

The information is threatening. I don't understand the technical detail but realize the importance of taking preventive measures. I will highlight the topic in a computer forum.

Jorge Mieres said...

Thanks bro! :)

Anonymous said...

Browsers should integrate the functionality of the Mozilla Firefox FlagFox Add-On. This way, users can see in which country the website is located, which reduces the chance they fall for the scam.

Usually the discussion about this subject is about user awareness. I think the discussion should also be about the amount of intelligence available to the user to assess whether a remote website can be trusted.

Empower the users by offering them the intelligence they need, so they become more aware?

Anonymous said...

http://www.paypal-hi.com/nls/?cgi-bin/webscr?cmd=_login-run
