Mal/Phish-A

Category: Viruses and Spyware
Protection available since: 16 Feb 2010 22:52:48 (GMT)
Type: Malicious behavior
Last Updated: 06 Jan 2012 20:58:10 (GMT)
Prevalence: Small Number of Reports

Mal/Phish-A is a phishing web page, usually sent as a spam attachment or seen on the internet.

Mal/Phish-A attempts to steal personal information (for example login information, banking details or credit card numbers) by pretending to be a page belonging to a legitimate account provider but sending the details to a malicious or compromised website instead. Mal/Phish-A may then redirect to the legitimate provider's website in order to hide the fact that information has been stolen.

As well as banking organisations from around the world, Mal/Phish-A targets other institutions including PayPal and government tax departments.

Examples of Mal/Phish-A include:

Example 1

File Information

Size: 19K
SHA-1: 04e38b37fd1fd3c3faa194cf8c3e3d5908de6fdd
MD5: 2509e33468f6b6f9cc2db14edc731f5d
CRC-32: f7d56f9f
File type: Hypertext Markup Language
First seen: 2013-01-12

Runtime Analysis

HTTP Requests
IP Connections
  • 50.87.110.136:80
DNS Requests
  • bancopostaonline.poste.it
  • code.jquery.com

Example 2

File Information

Size: 21K
SHA-1: 1837befe0e0aec756d5c554c547707a79bfa97a6
MD5: 9eb3ba78aae93e953d6c82fb9f172df7
CRC-32: 636fe322
File type: Hypertext Markup Language
First seen: 2013-05-19

Runtime Analysis

HTTP Requests
  • http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js
  • http://fonts.googleapis.com/css
  • http://static.websimages.com/static/global/js/require.js
  • http://static.websimages.com/v2206319/static/projects/finch/js/modernizr.js
DNS Requests
  • ajax.googleapis.com
  • fonts.googleapis.com
  • static.websimages.com

Example 3

File Information

Size: 61K
SHA-1: 1e382d9be3bd30fd7c5de55eac9f91025ee60cbb
MD5: b0fddd46faf50ebcb940caf105fde7d9
CRC-32: 14f489f4
File type: JavaScript
First seen: 2013-03-21

Runtime Analysis

DNS Requests
  • cittadelcinema.it
  • ib.absa.co.za
  • www.absa.co.za
