[Malware] The Phishing Storm of 2008

Caution: the following post contains explicit malware content. Be careful!

As at every end of year, the Web registers a significant increase in malware attacks on various fronts, in particular website phishing frauds, file infection and new rootkits.

This information can be verified by consulting http://www.antiphishing.org/

Obviously 90% of frauds come from fake websites themed around the current holidays, such as Christmas gifts and E-Card / Postcard online services. In the last few days, for example, I’ve found two phishing E-Card websites:

familypostcards2008.com

uhavepostcard.com

Let’s look up the first website:

———————————

Domain name:             UHAVEPOSTCARD.COM
Name Server:             ns.uhavepostcard.com 74.66.92.4
Name Server:             ns10.uhavepostcard.com 193.150.206.29
Name Server:             ns11.uhavepostcard.com 24.151.246.25
Name Server:             ns12.uhavepostcard.com 78.60.126.188
Name Server:             ns13.uhavepostcard.com 78.60.126.188
Name Server:             ns2.uhavepostcard.com 71.11.228.181
Name Server:             ns3.uhavepostcard.com 76.236.158.155
Name Server:             ns4.uhavepostcard.com 76.226.91.98
Name Server:             ns5.uhavepostcard.com 68.45.61.150
Name Server:             ns6.uhavepostcard.com 65.35.110.50
Name Server:             ns7.uhavepostcard.com 67.58.159.109
Name Server:             ns8.uhavepostcard.com 70.92.107.11
Name Server:             ns9.uhavepostcard.com 12.216.86.166
Creation Date:           2007.12.23
Updated Date:            2007.12.24
Expiration Date:         2008.12.23
---------------------------------
Domain name:             FAMILYPOSTCARDS2008.COM
Name Server:             ns.familypostcards2008.com 71.130.195.9
Name Server:             ns10.familypostcards2008.com 86.137.196.186
Name Server:             ns11.familypostcards2008.com 78.60.126.188
Name Server:             ns12.familypostcards2008.com 76.174.52.123
Name Server:             ns13.familypostcards2008.com 71.230.66.163
Name Server:             ns2.familypostcards2008.com 76.205.135.226
Name Server:             ns3.familypostcards2008.com 75.9.137.204
Name Server:             ns4.familypostcards2008.com 76.206.232.36
Name Server:             ns5.familypostcards2008.com 98.201.54.7
Name Server:             ns6.familypostcards2008.com 69.247.162.86
Name Server:             ns7.familypostcards2008.com 74.161.36.118
Name Server:             ns8.familypostcards2008.com 12.217.82.249
Name Server:             ns9.familypostcards2008.com 193.150.206.29
Creation Date:           2007.12.29
Updated Date:            2007.12.29
Expiration Date:         2008.12.29

———————————

It’s truly curious that these domains come from Los Angeles and were created only for these holidays 🙂

The malware being spread is always the same, but in different forms:
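As an added example (not part of the original post), the following Python code parses records in the layout shown above, extracts each domain's registration dates, and reports name-server IPs that are listed under more than one domain. The embedded sample is a trimmed excerpt of the two records above; the function names are illustrative.

```python
import re
from datetime import date

# Trimmed excerpt of the two records shown in the post (name-server lists shortened).
RECORDS = """\
Domain name:             UHAVEPOSTCARD.COM
Name Server:             ns10.uhavepostcard.com 193.150.206.29
Name Server:             ns12.uhavepostcard.com 78.60.126.188
Name Server:             ns13.uhavepostcard.com 78.60.126.188
Name Server:             ns2.uhavepostcard.com 71.11.228.181
Creation Date:           2007.12.23
Expiration Date:         2008.12.23
---------------------------------
Domain name:             FAMILYPOSTCARDS2008.COM
Name Server:             ns11.familypostcards2008.com 78.60.126.188
Name Server:             ns13.familypostcards2008.com 71.230.66.163
Name Server:             ns9.familypostcards2008.com 193.150.206.29
Creation Date:           2007.12.29
Expiration Date:         2008.12.29
"""

def parse_records(text):
    """Return {domain: {"ns": {host: ip}, "created": date, "expires": date}}."""
    out, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s+(.+?)\s*$", line)
        if not m:
            continue  # separator or blank line
        key, value = m.group(1).lower(), m.group(2)
        if key == "domain name":
            cur = out.setdefault(value.lower(), {"ns": {}})
        elif cur is None:
            continue  # field seen before any "Domain name" line
        elif key == "name server":
            host, ip = value.split()
            cur["ns"][host.lower()] = ip
        elif key in ("creation date", "expiration date"):
            y, mth, d = map(int, value.split("."))
            cur["created" if key.startswith("creation") else "expires"] = date(y, mth, d)
    return out

def shared_ns_ips(records):
    """Map each IP used as a name server by more than one domain to those domains."""
    seen = {}
    for domain, rec in records.items():
        for ip in set(rec["ns"].values()):
            seen.setdefault(ip, set()).add(domain)
    return {ip: sorted(doms) for ip, doms in seen.items() if len(doms) > 1}
```

Run over the excerpt, `shared_ns_ips(parse_records(RECORDS))` returns 193.150.206.29 and 78.60.126.188, the two addresses that appear in both records above.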

  • happy_2008.exe
  • Happy2008.exe
  • stripshow.exe
  • happynewyear2008.exe

So pay attention to these Postcard sites... 😉

Regards,

Evilcry
