Tuesday, 8 January 2008
Storm goes phishing?
Today Shadowserver picked up a new name being used by the Storm worm: i-barclays.com. Obviously, this site can be (and evidently has been) used for phishing. This is a new twist for whoever is behind Storm, as we've not seen them try the phishing angle. All Storm nodes capable of serving up any of the Holiday ecards can also serve as phishing sites.
It should be pointed out that the registrar, nic.ru, has not pulled any of the original Holiday ecard domains. There is little reason to believe that they will pull new phishing domains with any reasonable speed. The Storm group stands to be the new owners of thousands of accounts, both with Barclays and Halifax (the other domain currently in use is i-halifax.com). Barclays is returning a 403 error from Storm nodes at the moment, but the Halifax phish is live.
Others have seen similar behavior:
- PhishTank has screenshots of the phish itself.
- SCMagazineUS.com reported on a finding by Fortinet.
i-barclays.com has shown up before as a known phishing domain, but someone didn't get the memo when the Storm group re-registered it.
Posted January 08, 2008, at 09:42 AM by Mike Johnson


