
Replacing Phishers with a Small Shell Script: Jakarta Bombing Malware - SANS Internet Storm Center



Almost on cue, with the news of the bombing in Jakarta, the bottom-feeders of the black-hatters have started to put up Jakarta-related phishing schemes. The first wave seems to be more of the fake anti-virus variety, and Threat Expert has a write-up on that malware. Nothing about it seems particularly interesting.

It would be a novel invention (but probably unworkable) if domain registrars could simply halt registrations for "crisis-related" domains to slow this kind of thing down (and the same for web advertisement services like Google). A list of hostile domains is on its way to various security researcher lists, but keep an eye out for Jakarta-related phishing attacks.

--
John Bambenek
bambenek /at/ gmail dot com

Yeah, and it would also help if domain registrars would stop registering pill spam domains, but we don't see that happening either...
Anonymous