Sophos


Isle of Man Phish

There was a UK element to a phishing attack against PayPal today. The spammed-out phishing email (below) provided three different links, all to a .location.html file on what appear to be three compromised boxes (one in Japan, two in Korea).

Isle of Man Phish email

The .location.html file simply contains a short redirect script:

<script>window.location="http://(ip_removed)/.pp/confirm-account/processing.php";</script>
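As an added example (not code from the original post), this is one way a defender could flag redirect stubs of this shape when reviewing files on a web server. The function name, the scoring reasons and the sample inputs are constructed for illustration, and 192.0.2.10 is a documentation address standing in for the removed IP.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Matches assignments such as window.location="..." or location.href='...'
REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']""",
    re.IGNORECASE,
)
TAG_RE = re.compile(r"<[^>]+>")

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def score_redirect_stub(filename, html):
    """Return (target_url, reasons) for a page that redirects via script, else None."""
    match = REDIRECT_RE.search(html)
    if not match:
        return None
    target = match.group(1)
    parsed = urlparse(target)
    reasons = []
    if filename.startswith("."):
        reasons.append("dot-prefixed file name")
    # Nothing left once the redirect and tags are removed: the page exists only to redirect.
    remainder = TAG_RE.sub("", REDIRECT_RE.sub("", html)).strip(" ;\r\n\t")
    if not remainder:
        reasons.append("page contains only the redirect")
    if parsed.hostname and host_is_ip(parsed.hostname):
        reasons.append("target host is an IP literal")
    if any(seg.startswith(".") for seg in parsed.path.split("/") if seg):
        reasons.append("dot-prefixed directory in target path")
    return target, reasons

# Constructed samples; the first mirrors the stub above with a placeholder IP.
SAMPLES = {
    ".location.html": '<script>window.location="http://192.0.2.10/.pp/confirm-account/processing.php";</script>',
    "moved.html": '<html><body><p>We have moved.</p><script>window.location="https://www.example.com/new/";</script></body></html>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, score_redirect_stub(name, body))
```

A legitimate "we have moved" page still returns its target but with an empty reason list, so the reasons, not the mere presence of a redirect, are what merit review.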

The IP address places the server within a location facility based on the Isle of Man. Looking through the files on that machine reveals some of the usual content, including public JavaScript (some of which appears to have been written in 2003) designed to validate credit-card details submitted in web forms! Nice to see code reuse, with no reinventing of the wheel! The harvesting site appears to have been constructed for the phishing attack, and is not using another compromised server.

Site awaiting content page

