Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 24 September 2009

Alliance and Leicester botnet: Here we go again

Looks like the Alliance and Leicester botnet is back yet again.

I've not been able to identify any other domains involved yet (haven't checked PhishTank yet however), but it's guaranteed there either is, or will be, alot more of these.

www.mybank.alliance-leicester.zewcdenixx.com

Latest IP's;

151.65.223.61 - Failed to resolve
173.19.26.252 - 173-19-26-252.client.mchsi.com
202.131.190.199 - 202.131.190.199
204.118.0.2 - Failed to resolve
208.96.88.89 - Failed to resolve
213.94.231.25 - Failed to resolve
60.53.163.145 - Failed to resolve
78.129.34.87 - Failed to resolve
79.138.212.21 - 79.138.212.21.bredband.tre.se
79.78.135.29 - 79-78-135-29.dynamic.dsl.as9105.com
83.172.102.148 - 83-172-64-148.lidnet.net
99.191.125.175 - Failed to resolve
76.69.246.38 - bas3-montreal31-1279653414.dsl.bell.ca
24.56.218.247 - c-24-56-218-247.customer.broadstripe.net
76.26.26.141 - c-76-26-26-141.hsd1.fl.comcast.net
76.28.8.230 - c-76-28-8-230.hsd1.ct.comcast.net
80.217.40.148 - c80-217-40-148.bredband.comhem.se
98.208.170.143 - c-98-208-170-143.hsd1.fl.comcast.net
82.5.94.177 - cpc1-seve5-0-0-cust688.popl.cable.ntl.com
209.51.85.202 - dynamic.apogeenet.net
92.226.74.105 - g226074105.adsl.alicedsl.de
82.254.24.128 - lns-bzn-32-82-254-24-128.adsl.proxad.net
84.224.0.25 - netacc-gpn-4-0-25.pool.pannon.hu
213.211.224.117 - port-ip-213-211-224-117.reverse.mdcc-fun.de
24.199.65.10 - user-0cceg8a.cable.mindspring.com
24.239.153.188 - user-0cev6ds.cable.mindspring.com


E-mail content:

ONLINE BANKING INFORMATION UPGRADE,


Thank you for banking online at Alliance & Leicester. At Alliance & Leicester bank, your security is our primary concern. And in order to guard against the recent spate of fraud and identity theft involving online account holders, we have recently introduced additional security measures and upgraded our software to protect our online account holders.

The security upgrade will be effective immediately and requires our customers to update their access and Sign in Protection activation.

Please Upgrade Your Information <http://www.mybank.alliance-leicester.zewcdenixx.com/index.assp=mybanknlogin_access/index.php>

For your security, you won't be able to gain access to your accounts until you've done this.

Best Regards.
Alliance & Leicester Security Department Team.

Alliance & Leicester is part of the Santander Group, one of the world's largest banking groups. More information on Banco Santander can be found at www.santander.com


References:

Alliance and Leicester botnet
http://hphosts.blogspot.com/2009/09/alert-alliance-and-leicester-botnet.html

Alert: Alliance & Leicester botnet back ....
http://hphosts.blogspot.com/2009/08/alert-alliance-leicester-botnet-back.html

Is your computer part of the Alliance and Leicester phishing botnet?
http://hphosts.blogspot.com/2009/07/is-your-computer-part-of-alliance-and.html

No comments: