NEWS FROM THE LAB - Monday, October 6, 2008

"Latest security Update Standard 128-bit Upgrade Certificate" Posted by Mikko @ 14:35 GMT

When phishing was young, many phishers registered lookalike domains, along the lines of bankofamerika.com, login-chase.com, and paypal-account-verification.com.

Eventually most of the phishing gangs moved on to random domains in far-away countries and just prepended the bank's real domain to them, creating host names along the lines of www.bankofamerica.com.444hzjr4zp2b8oacgd.org.ve, www.chase.com.host8.asia, and www.paypal.com.dll-s.eu.

But every now and then we run into new fraud sites that use the old-school tricks. Like today, when somebody spammed around e-mails such as these:


The link takes you to sbooff.com, which desperately tries to mimic sboff.com, the official home page of Standard Bank Offshore:


Do note that this isn't technically a phishing site, as it doesn't try to trick you into entering your details on a fake site. It just tries to convince you to install an "Upgrade Certificate". Which is a program. Which is actually the Trojan-Downloader.Win32.Agent.aiqo banking trojan.

The site has been reported and should be offline soon.
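The two naming tricks described above (a lookalike registered domain versus the real bank domain prepended to an unrelated one) can be told apart mechanically, for example when triaging URLs from a spam feed. The following Python sketch is an added example, not code from the original post; the brand list, the verdict names, the one-edit threshold and the "last two labels" rule for the registered domain are all assumptions made for illustration.

```python
# Added example: the brand list uses the banks named in the post.
BRANDS = ["bankofamerica.com", "chase.com", "paypal.com", "sboff.com"]
MAX_EDITS = 1  # assumption: one typo; larger values flag more unrelated names


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, brand) for a hostname checked against BRANDS."""
    labels = host.lower().rstrip(".").split(".")
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List instead.
    registered = ".".join(labels[-2:])
    sld_tokens = labels[-2].split("-") if len(labels) > 1 else []
    for brand in BRANDS:
        run = brand.split(".")
        n = len(run)
        if labels[-n:] == run:
            return ("legitimate", brand)       # the brand itself or a subdomain
        if any(labels[i:i + n] == run for i in range(len(labels) - n)):
            return ("prepended-brand", brand)  # brand labels left of another domain
        if edit_distance(registered, brand) <= MAX_EDITS:
            return ("lookalike", brand)        # near-miss spelling
        if run[0] in sld_tokens:
            return ("brand-keyword", brand)    # brand name as a hyphen-separated token
    return ("no-match", None)


if __name__ == "__main__":
    for h in ["sbooff.com", "www.chase.com.host8.asia", "login-chase.com"]:
        print(h, classify(h))
```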