Thursday, January 10, 2008

Storm is Phishing!

There is another twist in the Storm-Zhelatin story: it is being used to host phishing sites. The gang behind this prolific malware has registered domain names similar to those used by well-known banks such as Barclays and Halifax. Web requests for these rogue domain names are directed to computers infected with Storm. The infected computers serve a fake login page and will steal the user name and password of any visitor. According to sources such as F-Secure, it seems that somebody is now using machines infected with and controlled by Storm to run phishing scams. I haven't seen this before.