Subscribe to RSS feeds


Oct11
by Dianne Lagrimas (Technical Communications)

Phishers celebrate Eid ul-Fitr (Feast of Breaking the Fast, a.k.a. End of Ramadan) with much activity, casting their nets on the Internal Revenue Service (IRS) and PayPal users using a Philippine-based Web site. What fits the Eid more is that the Web site used belongs to a university in the Mindanao region, where the largest population of Muslims are found in the Philippines.

The phishers created folders that were appended to the Western Mindanao State University URL (wmsu.edu.ph). The exact URLs appeared to be the following:

  • wmsu.edu.ph/{BLOCKED}s/*
  • wmsu.edu.ph/www.{BLOCKED}l.com/*
  • wmsu.edu.ph/{BLOCKED}s/*
  • wmsu.edu.ph/.us/{BLOCKED}r.php%3f*

When users access the said URLs, spoofed login pages to the IRS and PayPal are displayed:

{IRS spoofed login page}

{PayPal spoofed login page}

{PayPal spoofed login page}

TrendLabs Manila has contacted WMSU regarding this matter. WMSU, in turn, has already taken steps to clean their site and investigate the root cause of this incident. Meanwhile, Trend Micro users are assured that the abovementioned URLs are now blocked by Trend Micro products.



This entry was posted on Thursday, October 11th, 2007 at 2:43 am and is filed under Phishing . Responses are closed, but you can trackback from your own site.



Comments are closed.


Malware Goes Hentai-happy
Philippine Bank Phished


 
TrendWatch Hijack This Security Tips for Consumers
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
Glossary of Threat Terms

 
© Copyright 2008 Trend Micro IncAll rights reserved. Legal Notice