Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Chinese Bank's Server Used in Phishing Attacks on US Banks

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Chinese Bank's Server Used in Phishing Attacks on US Banks
Date: Mon, 13 Mar 2006 01:28:45 -0600 (CST) 
http://news.netcraft.com/archives/2006/03/12/chinese_banks_server_used_in_phishing_attacks_on_us_banks.html

By Rich Miller
March 12, 2006 

A web server belonging to a state-operated Chinese bank is hosting
phishing sites targeting U.S. banks and financial institutions.  
Phishing e-mails sent on Saturday (March 11) targeting customers of
Chase Bank and eBay were directed to sites hosted on ip addresses
assigned to The China Construction Bank (CCB) Shanghai Branch. The
phishing pages are located in hidden directories with the server's
main page displaying a configuration error. This is the first instance
we have seen of one bank's infrastructure being used to attack another
institution.

The attack on Chase offers recipients the chance to earn $20 by
filling out a user survey which presents a series of questions about
the usability of the Chase online banking site, followed by a request
for user ID and password, so the $20 "reward" can be deposited to the
proper account. The form also requests the victim's bankcard number,
PIN number, card verification number, mother's maiden name and Social
Security number. Any data submitted is then sent to a free form
processing service on a server in India.

The URL in the phishing email uses an IP address rather than a domain,
typically a strong indicator of a phishing site. As a result, the
Netcraft Toolbar assigns the site a high risk rating. The spoof site,
a template of which has been in use since September, pulls images and
style sheets from the chaseonline.chase.com web site. Many bank sites
are configured to prevent logos and other images on their server from
being displayed on other web sites - a practice known as "hot-linking"  
or "bandwidth leeching" - to prevent phishing sites from using the
institution's own images and bandwidth to scam customers. Any
third-party sites appropriating logos can be detected through web site
referrer statistics.

The same IP address at CCB Shanghai was used Saturday to host a page
spoofing the eBay login screen. The China Construction Bank is a
state-owned commercial bank with more than 14,000 branches across
China. Last October CCB became the first of China's "Big Four"  
state-owned banks to be listed on the Hong Kong Stock Exchange.

Both attacks have been blocked by the Netcraft Toolbar, a free
phishing protection tool for Internet Explorer and Firefox users. Once
the first recipients of a phishing mail have reported the target URL,
it is blocked for toolbar users who subsequently access the URL.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Chinese Bank's Server Used in Phishing Attacks on US Banks, InfoSec News <=
Previous by Date:  [ISN] Porn Biller Says It Was Framed, InfoSec News
Next by Date:  [ISN] Program Teaches Students About Cyber Security, InfoSec News
Previous by Thread:  [ISN] Porn Biller Says It Was Framed, InfoSec News
Next by Thread:  [ISN] Program Teaches Students About Cyber Security, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]