
    It should not be news to you that we do an extraordinary amount of work keeping track of domains, correlating domain information — both old and new — to previously identified IP host addresses and known “bad actors”.

    This is part of our ongoing efforts in the area of determining domain reputation — to identify and flag suspicious behavior in such a way as to provide an early warning system for identifying potential web threats.

    Having said that, several domains which were only registered yesterday “popped up” on our internal early warning systems overnight, and surprisingly enough, we started seeing these hosts serving up phishing pages (partial screenshot of Royal Bank of Scotland phish above) today.

    Another interesting aspect of this turn of events is that these hosts are part of the Storm fast-flux botnet, and we detected them while watching domain activity normally associated with suspected RBN (Russian Business Network)-associated activities.

    We can only suspect that perhaps a portion of the Storm botnet is being rented out to phishers, but it is interesting to see this criminal progression as Storm “celebrates” being a year old this month.

    We’ve identified several of these phishing domains and blocked them, and will continue to identify them as they pop up and block them, as well.

    Paul “Fergie” Ferguson
    Internet Security Intelligence
    Advanced Threats Research



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice