
SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Replacing Phishers with a Small Shell Script: Jakarta Bombing Malware

Almost on cue, with the news of the bombing in Jakarta, the bottom-feeders of the black-hatters have started to put up Jakarta-related phishing schemes. The first wave seems to be more of the fake anti-virus variety, and Threat Expert has a write-up on that malware. Nothing about it seems particularly interesting.

It would be a novel invention (but probably unworkable) if domain registrars could simply halt registrations for "crisis-related" domains to slow this kind of thing down (and the same for web advertisement services like Google). A list of hostile domains is on its way to various security researcher lists, but keep an eye out for Jakarta-related phishing attacks.

John Bambenek
bambenek /at/ gmail dot com


262 Posts
ISC Handler
Jul 17th 2009
Yeah, and it would also help if domain registrars would stop registering pill spam domains, but we don't see that happening either...
