Personal blog of Alex Muratov

Phishing, funny stuff

Posted on August 23, 2015 | in Uncategorized | by

Recently I got yet another phishing email that invited me to do something urgently with my RBC account.

phishing-rbc1

Oh, nice! I have to install a security certificate in order to continue use RBC online banking. Too complex to be true, right? I checked the attachment and it was not a security certificate as was promised. Actually it was an HTML file that simply redirects a victim to a phishing site.

Nothing special, a phishing page was hosted at some Norwegian porno-site. Apparently it was hacked and phishing pages/scripts were injected. What was actually interesting – hacker forgot to disable directory view and all files were visible. Surprisingly there was “.htaccess” file. I opened it and enjoyed long list of IP addresses with funny comments:

phishing-rbc2

 

It indicates that the hacker has a pretty long list of “offenders” – security companies, ad bots, crawlers, etc. Unfortunately the owner of the legitimate site quickly find out (or another party informed about) injected phishing pages and deleted all of them so I did not have a chance to dig further.

Leave a Reply

BOINC

BOINC

Ads

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Calendar

August 2015
M T W T F S S
« Oct   Oct »
 12
3456789
10111213141516
17181920212223
24252627282930
31  
%d bloggers like this: