Some are more complex than others, and some are more appealing or better prepared than others, but however trivial the deception, its effectiveness is directly related to the level of security education of those who come across the trap.
The following screenshot shows an example that I found recently. This is a fake site that downloads a binary file called surprise.exe (MD5: 9bd6a9cba442a88839a185eb47c2008c), which is a variant of the malicious code Virtumonde, also known as Vundo or Monde.
For comparison, the next screenshot shows the actual sendspace page.
One strategy these techniques employ is to use domain names similar to the real one; i.e. the fake page is http://sendspace-us.com, while the real one is http://sendspace.com. In this case, this is the starting point of a potential infection.
Another interesting detail is that the fake site's domain resolves to the IP address 196.2.198.241, which belongs to autonomous system AS33777, EgyptNetwork.
In turn, this IP address hosts multiple other domains.
As we can see, one of the domains hosted on this IP address is even kassperskylabs.cn, very similar to the name of the well-known antivirus company.
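A defender-side check for the two lookalike patterns described above (a brand name embedded in a different domain, and a near-miss spelling), as an added example that is not part of the original post. The brand allowlist, including kaspersky.com as the legitimate domain, and all function names are assumptions for illustration.

```python
# Added example: flag hostnames that imitate a brand without belonging to it.
# BRANDS is an assumed allowlist; kaspersky.com is an assumption for illustration.
BRANDS = {"sendspace": "sendspace.com", "kaspersky": "kaspersky.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def near_match(label, brand, max_dist=1):
    """True if a substring of label is within max_dist edits of brand,
    while the exact brand string is absent (e.g. one doubled letter)."""
    if brand in label:
        return False
    for size in range(len(brand) - max_dist, len(brand) + max_dist + 1):
        for start in range(len(label) - size + 1):
            if edit_distance(label[start:start + size], brand) <= max_dist:
                return True
    return False

def classify(host):
    """Return a verdict string for one hostname."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for brand, legit in BRANDS.items():
        if host == legit or host.endswith("." + legit):
            return "legitimate"
        if any(brand in label for label in labels):
            return f"embeds '{brand}' outside {legit}"
        if any(near_match(label, brand) for label in labels):
            return f"near-miss spelling of '{brand}'"
    return "no brand match"

if __name__ == "__main__":
    # First three hosts are quoted in the post; the last one is constructed.
    for h in ["sendspace.com", "sendspace-us.com", "kassperskylabs.cn",
              "sendspace.com.example"]:
        print(f"{h:24} {classify(h)}")
```

The suffix test is what separates a real subdomain of sendspace.com from a host that merely starts with that string, which a plain substring match would accept.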
Related Information
Phishing Kit In-the-Wild for cloning of web site, version 2 - Spanish version
Phishing Kit In-the-Wild for cloning of web site - Spanish version
# Jorge Mieres