I've not been able to identify any other domains involved yet (haven't checked PhishTank yet however), but it's guaranteed there either is, or will be, alot more of these.
www.mybank.alliance-leicester.zewcdenixx.com
Latest IP's;
151.65.223.61 - Failed to resolve
173.19.26.252 - 173-19-26-252.client.mchsi.com
202.131.190.199 - 202.131.190.199
204.118.0.2 - Failed to resolve
208.96.88.89 - Failed to resolve
213.94.231.25 - Failed to resolve
60.53.163.145 - Failed to resolve
78.129.34.87 - Failed to resolve
79.138.212.21 - 79.138.212.21.bredband.tre.se
79.78.135.29 - 79-78-135-29.dynamic.dsl.as9105.com
83.172.102.148 - 83-172-64-148.lidnet.net
99.191.125.175 - Failed to resolve
76.69.246.38 - bas3-montreal31-1279653414.dsl.bell.ca
24.56.218.247 - c-24-56-218-247.customer.broadstripe.net
76.26.26.141 - c-76-26-26-141.hsd1.fl.comcast.net
76.28.8.230 - c-76-28-8-230.hsd1.ct.comcast.net
80.217.40.148 - c80-217-40-148.bredband.comhem.se
98.208.170.143 - c-98-208-170-143.hsd1.fl.comcast.net
82.5.94.177 - cpc1-seve5-0-0-cust688.popl.cable.ntl.com
209.51.85.202 - dynamic.apogeenet.net
92.226.74.105 - g226074105.adsl.alicedsl.de
82.254.24.128 - lns-bzn-32-82-254-24-128.adsl.proxad.net
84.224.0.25 - netacc-gpn-4-0-25.pool.pannon.hu
213.211.224.117 - port-ip-213-211-224-117.reverse.mdcc-fun.de
24.199.65.10 - user-0cceg8a.cable.mindspring.com
24.239.153.188 - user-0cev6ds.cable.mindspring.com
173.19.26.252 - 173-19-26-252.client.mchsi.com
202.131.190.199 - 202.131.190.199
204.118.0.2 - Failed to resolve
208.96.88.89 - Failed to resolve
213.94.231.25 - Failed to resolve
60.53.163.145 - Failed to resolve
78.129.34.87 - Failed to resolve
79.138.212.21 - 79.138.212.21.bredband.tre.se
79.78.135.29 - 79-78-135-29.dynamic.dsl.as9105.com
83.172.102.148 - 83-172-64-148.lidnet.net
99.191.125.175 - Failed to resolve
76.69.246.38 - bas3-montreal31-1279653414.dsl.bell.ca
24.56.218.247 - c-24-56-218-247.customer.broadstripe.net
76.26.26.141 - c-76-26-26-141.hsd1.fl.comcast.net
76.28.8.230 - c-76-28-8-230.hsd1.ct.comcast.net
80.217.40.148 - c80-217-40-148.bredband.comhem.se
98.208.170.143 - c-98-208-170-143.hsd1.fl.comcast.net
82.5.94.177 - cpc1-seve5-0-0-cust688.popl.cable.ntl.com
209.51.85.202 - dynamic.apogeenet.net
92.226.74.105 - g226074105.adsl.alicedsl.de
82.254.24.128 - lns-bzn-32-82-254-24-128.adsl.proxad.net
84.224.0.25 - netacc-gpn-4-0-25.pool.pannon.hu
213.211.224.117 - port-ip-213-211-224-117.reverse.mdcc-fun.de
24.199.65.10 - user-0cceg8a.cable.mindspring.com
24.239.153.188 - user-0cev6ds.cable.mindspring.com
E-mail content:
ONLINE BANKING INFORMATION UPGRADE,
Thank you for banking online at Alliance & Leicester. At Alliance & Leicester bank, your security is our primary concern. And in order to guard against the recent spate of fraud and identity theft involving online account holders, we have recently introduced additional security measures and upgraded our software to protect our online account holders.
The security upgrade will be effective immediately and requires our customers to update their access and Sign in Protection activation.
Please Upgrade Your Information <http://www.mybank.alliance-leicester.zewcdenixx.com/index.assp=mybanknlogin_access/index.php>
For your security, you won't be able to gain access to your accounts until you've done this.
Best Regards.
Alliance & Leicester Security Department Team.
Alliance & Leicester is part of the Santander Group, one of the world's largest banking groups. More information on Banco Santander can be found at www.santander.com
Thank you for banking online at Alliance & Leicester. At Alliance & Leicester bank, your security is our primary concern. And in order to guard against the recent spate of fraud and identity theft involving online account holders, we have recently introduced additional security measures and upgraded our software to protect our online account holders.
The security upgrade will be effective immediately and requires our customers to update their access and Sign in Protection activation.
Please Upgrade Your Information <http://www.mybank.alliance-leicester.zewcdenixx.com/index.assp=mybanknlogin_access/index.php>
For your security, you won't be able to gain access to your accounts until you've done this.
Best Regards.
Alliance & Leicester Security Department Team.
Alliance & Leicester is part of the Santander Group, one of the world's largest banking groups. More information on Banco Santander can be found at www.santander.com
References:
Alliance and Leicester botnet
http://hphosts.blogspot.com/2009/09/alert-alliance-and-leicester-botnet.html
Alert: Alliance & Leicester botnet back ....
http://hphosts.blogspot.com/2009/08/alert-alliance-leicester-botnet-back.html
Is your computer part of the Alliance and Leicester phishing botnet?
http://hphosts.blogspot.com/2009/07/is-your-computer-part-of-alliance-and.html
No comments:
Post a Comment