MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

28.3.10

Hooters Germany website compromised for phishing against HSBC

Hooters is a restaurant chain that has branches in a number of countries. On Wikipedia you can read more about these particular food outlets; anyone who has been to one knows what I mean, and anyone who has not had the opportunity to visit a Hooters ... doesn't know what they are missing (comment in parentheses) :-)

The point is that the Hooters Germany website was compromised and used for a phishing attack against HSBC bank. The first image shows the real site and the second the phishing page hosted on the compromised site.


Now the question is how to tell that this is a fake page. Although it is an almost faithful copy of the real one, the first thing that stands out is that, in this case, the address is nothing like the real one.

Second, if we dig a little deeper and look at the HTML source code, at first glance it also looks like the real thing. However, a number of details, without going into technical depth, can give us the clue that we are facing a deception.

Let's look for a moment at a piece of code belonging to the real page:
We note that rel="canonical" refers to the URL http://www.hsbc.co.uk/1/2, and that the site's styles are located in /1/themes/HTML/hsbc_unpersonal/css/.

Now observe the same piece of code from the fake page:

Why load the style files from the full address of the real site when the content is supposedly hosted in the same place? Mmmmmmmm, it's just a detail but ... isn't it strange?
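The check described above, written as a small script; this is an added example, not code from the original post. It flags canonical and stylesheet links that resolve to a host other than the one serving the page. The host compromised-site.example, the file name main.css and the exact markup are constructed placeholders; only the canonical URL and the CSS directory come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LinkCollector(HTMLParser):
    """Collect (rel, href) pairs from every <link> tag."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            a = dict(attrs)
            if a.get("rel") and a.get("href"):
                self.links.append((a["rel"].lower(), a["href"]))


def foreign_references(page_url, html):
    """Return (rel, host) for canonical/stylesheet links whose host differs
    from the host the page itself was fetched from."""
    page_host = urlparse(page_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for rel, href in collector.links:
        if not {"canonical", "stylesheet"} & set(rel.split()):
            continue
        # Relative hrefs resolve against the page URL, so they stay same-host.
        host = urlparse(urljoin(page_url, href)).hostname
        if host != page_host:
            findings.append((rel, host))
    return findings


# Constructed samples (main.css and the markup are assumptions, see lead-in).
REAL = ('<link rel="canonical" href="http://www.hsbc.co.uk/1/2"/>'
        '<link rel="stylesheet" href="/1/themes/HTML/hsbc_unpersonal/css/main.css"/>')
FAKE = ('<link rel="canonical" href="http://www.hsbc.co.uk/1/2"/>'
        '<link rel="stylesheet" '
        'href="http://www.hsbc.co.uk/1/themes/HTML/hsbc_unpersonal/css/main.css"/>')

if __name__ == "__main__":
    print(foreign_references("http://www.hsbc.co.uk/1/2", REAL))
    print(foreign_references("http://compromised-site.example/hsbc/", FAKE))
```

Legitimate sites also load assets from other hosts such as CDNs, so a hit is a reason to look closer at the address, not proof on its own.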

PS: the package hosted on the phishing site contains, among others, a file called loginfinish.php, with the following information:


Related information
Phishing Database IV
New phishing campaign against Facebook led by Zeus
Phishing campaign aimed at players Zynga
New ZeuS phishing campaign against Google and Blogger
Facebook & VISA phishing campaign proposed by ZeuS
Dissection of a fraudulent package. Wachovia phishing attack

Alex Garcia
Crimeware Researcher
Administrator of MalwareIntelligence
