Caution: the following post contains explicit malware content, be careful!
As at every end of year, the Web registers a significant increase in malware attacks on various fronts, in particular website phishing frauds, file infection and new rootkits.
This information can be verified by consulting http://www.antiphishing.org/
Obviously 90% of frauds come from fake websites themed around the current holidays, such as Christmas gifts and e-card / postcard online services. In the last few days, for example, I've found two phishing e-card websites:
familypostcards2008.com
uhavepostcard.com
Let's look up the first website:
———————————
Domain name: UHAVEPOSTCARD.COM
Name Server: ns.uhavepostcard.com 74.66.92.4
Name Server: ns10.uhavepostcard.com 193.150.206.29
Name Server: ns11.uhavepostcard.com 24.151.246.25
Name Server: ns12.uhavepostcard.com 78.60.126.188
Name Server: ns13.uhavepostcard.com 78.60.126.188
Name Server: ns2.uhavepostcard.com 71.11.228.181
Name Server: ns3.uhavepostcard.com 76.236.158.155
Name Server: ns4.uhavepostcard.com 76.226.91.98
Name Server: ns5.uhavepostcard.com 68.45.61.150
Name Server: ns6.uhavepostcard.com 65.35.110.50
Name Server: ns7.uhavepostcard.com 67.58.159.109
Name Server: ns8.uhavepostcard.com 70.92.107.11
Name Server: ns9.uhavepostcard.com 12.216.86.166
Creation Date: 2007.12.23
Updated Date: 2007.12.24
Expiration Date: 2008.12.23
---------------------------------
Domain name: FAMILYPOSTCARDS2008.COM
Name Server: ns.familypostcards2008.com 71.130.195.9
Name Server: ns10.familypostcards2008.com 86.137.196.186
Name Server: ns11.familypostcards2008.com 78.60.126.188
Name Server: ns12.familypostcards2008.com 76.174.52.123
Name Server: ns13.familypostcards2008.com 71.230.66.163
Name Server: ns2.familypostcards2008.com 76.205.135.226
Name Server: ns3.familypostcards2008.com 75.9.137.204
Name Server: ns4.familypostcards2008.com 76.206.232.36
Name Server: ns5.familypostcards2008.com 98.201.54.7
Name Server: ns6.familypostcards2008.com 69.247.162.86
Name Server: ns7.familypostcards2008.com 74.161.36.118
Name Server: ns8.familypostcards2008.com 12.217.82.249
Name Server: ns9.familypostcards2008.com 193.150.206.29
Creation Date: 2007.12.29
Updated Date: 2007.12.29
Expiration Date: 2008.12.29
———————————
It's truly curious that these domains come from Los Angeles and were created only for these holidays 🙂
The malware being spread is always the same, but in different forms:
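The two WHOIS records above can be checked mechanically for the traits they share: very recent registration, name servers hosted under the domain itself, and name server IPs reused across both domains. The Python below is an added example, not part of the original post; it parses an excerpt of the flattened records as published, and the 30-day threshold, the /16 grouping and the sighting date are assumptions.

```python
import re
from datetime import date

SIGHTED = date(2007, 12, 31)  # assumed sighting date, not stated in the post
# Excerpt of the two WHOIS records quoted in the post (flattened, as published).
RECORDS = [
    "Domain name: UHAVEPOSTCARD.COM Name Server: ns.uhavepostcard.com 74.66.92.4 "
    "Name Server: ns10.uhavepostcard.com 193.150.206.29 "
    "Name Server: ns12.uhavepostcard.com 78.60.126.188 "
    "Creation Date: 2007.12.23 Updated Date: 2007.12.24 Expiration Date: 2008.12.23",
    "Domain name: FAMILYPOSTCARDS2008.COM Name Server: ns.familypostcards2008.com 71.130.195.9 "
    "Name Server: ns11.familypostcards2008.com 78.60.126.188 "
    "Name Server: ns9.familypostcards2008.com 193.150.206.29 "
    "Creation Date: 2007.12.29 Updated Date: 2007.12.29 Expiration Date: 2008.12.29",
]
NS_RE = re.compile(r"Name Server:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})")
DATE_RE = re.compile(r"Creation Date:\s+(\d{4})\.(\d{2})\.(\d{2})")

def parse(record):
    """Turn one flattened WHOIS record into domain, creation date and (host, ip) pairs."""
    domain = re.search(r"Domain name:\s+(\S+)", record).group(1).lower()
    year, month, day = map(int, DATE_RE.search(record).groups())
    return {"domain": domain, "created": date(year, month, day), "ns": NS_RE.findall(record)}

def indicators(rec, seen_on, max_age_days=30):
    """List the suspicious traits of one parsed record (thresholds are assumptions)."""
    hits = []
    age = (seen_on - rec["created"]).days
    if age <= max_age_days:
        hits.append(f"registered {age} days before sighting")
    if all(host.endswith("." + rec["domain"]) for host, _ in rec["ns"]):
        hits.append("all name servers hosted under the domain itself")
    nets = {".".join(ip.split(".")[:2]) for _, ip in rec["ns"]}  # crude /16 grouping
    if len(nets) >= 3:
        hits.append(f"name servers spread over {len(nets)} distinct /16 networks")
    return hits

def shared_ns_ips(records):
    """Map each name server IP used by more than one domain to those domains."""
    owners = {}
    for rec in records:
        for _, ip in rec["ns"]:
            owners.setdefault(ip, set()).add(rec["domain"])
    return {ip: sorted(doms) for ip, doms in owners.items() if len(doms) > 1}

if __name__ == "__main__":
    parsed = [parse(r) for r in RECORDS]
    for rec in parsed:
        print(rec["domain"], indicators(rec, SIGHTED))
    print("shared name server IPs:", shared_ns_ips(parsed))
```

Feeding it the full records instead of the excerpt only requires replacing the strings in `RECORDS`.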
- happy_2008.exe
- Happy2008.exe
- stripshow.exe
- happynewyear2008.exe
So pay attention to these postcard sites. 😉
Regards,
Evilcry