funsec mailing list archives

Chinese Bank's Server Used in Phishing Attacks on U.S. Banks


From: "Fergie" <fergdawg () netzero net>
Date: Sun, 12 Mar 2006 21:13:28 GMT

Via Netcraft.

[snip]

A web server belonging to a state-operated Chinese bank is hosting phishing sites targeting U.S. banks and financial 
institutions. Phishing e-mails sent on Saturday (March 11) targeting customers of Chase Bank and eBay were directed to 
sites hosted on IP addresses assigned to The China Construction Bank (CCB) Shanghai Branch. The phishing pages are 
located in hidden directories with the server's main page displaying a configuration error. This is the first instance 
we have seen of one bank's infrastructure being used to attack another institution.

The attack on Chase offers recipients the chance to earn $20 by filling out a user survey which presents a series of 
questions about the usability of the Chase online banking site, followed by a request for user ID and password, so the 
$20 "reward" can be deposited to the proper account. The form also requests the victim's bankcard number, PIN number, 
card verification number, mother's maiden name and Social Security number. Any data submitted is then sent to a free 
form processing service on a server in India.

[snip]

More here:
http://news.netcraft.com/archives/2006/03/12/chinese_banks_server_used_in_phishing_attacks_on_us_banks.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

