Earlier today, we found a phishing site which poses as a donation site to raise money for victims of the recent earthquake in Japan. The phishing site,
http://www.japan{BLOCKED}.com, is created by using an open-source social network system
Jcow 4.2.1. It is hosted on the IP address
50.61.{BLOCKED}.{BLOCKED}, which has been found to be located to be in the US. We’ve confirmed that the site is still active as of this writing.
Aside from hosting a phishing site, the cybercriminal behind this attack also abused the blog function of the website and inserted advertisement-looking posts, possibly to increase SEO ranking.
Such attacks are not uncommon, as we’ve previously documented instances of attacks that leveraged on natural disasters such as
Hurricane Katrina in 2005,
Hurricane Gustav in 2008,
Chinese Sichuan earthquake in 2008, the latest attack used
Haiti earthquake in 2010.
Users should remember to choose trustworthy organizations when it comes to handing over their donations.
The Trend Micro Smart Protection Network, through the Web Reputation Service already blocks access to this phishing site even if a user is duped into accessing it.
[
TrendMicro]
No comments:
Post a Comment