SecurityIntelligence is another division of MalwareIntelligence that focuses on aspects related to Information Security. Its content covers security issues and the management and administration of an information environment.

February 28, 2010

Phishing database III

Financial & Banking Institutions
Canada Trusth
Citigroup
CUA - Credit Union Australia
UniCredit Banca
Grupo Banca Carige

Grupo Banca Popolare Di Bari
Banca Cesare Ponti
Banca Del Monte Di Luccia
CRS - Cassa di Risparmio di Savona
Cassa di Risparmio di Carrara
Poste Italiane
Santander

Several phishing packages were uploaded to the domain through a web shell. Besides the HSBC phishing pack, others targeting CIBS and ING Direct were found.

ING Direct
Lloyds TSB
Wachovia
Bank of America
J.P.Morgan
egg
InterSwitch
MoneyGram
Discover

Electronic Commerce
Amazon
PayPal
Capitalone

Government Services
IRS - Internal Revenue Service
HMRC - HM Revenue & Customs

Online Games
World of Warcraft
Zynga Poker

Social Networking
Hi5
MySpace
Orkut
Facebook
Xbox Live

Yahoo
Windows Live
AOL Mail
AIM Express

File Hosting
Rapidshare
Hotfile

Related information

Jorge Mieres


February 16, 2010

Phishing database II

Financial & Banking Institutions 

Bank of America
Banco do Brasil

Poste italiane

CUA (Credit Union Australia)

Electronic Commerce

File Hosting

Social Networking

Telephone services & others

Windows Live Hotmail

In this case, the same server hosts another phishing page, this one targeting the company Telcel, and stores all of the stolen information: the credit card data (corresponding to Telcel) and the access credentials for Microsoft's webmail. It also offers a download of a fake Windows Messenger 2010 that is malware. Below is a screenshot of the stored credentials.

Online Games
World of Warcraft

Related Information

Jorge Mieres


February 09, 2010

Phishing database I

Phishing is a purely criminal activity, part of the circuit that drives the illegal crimeware business, designed to steal money using the sensitive and private information that criminals obtain from users through illicit means.

Therefore, as a preventive measure, it is important to block access to the domains that usually host cloned pages of banks, webmail and any other Internet service that requires authentication.

To that end, Phishing database was born: a compendium of fraudulent domains used to carry out phishing, which can be used to create block lists.

Wachovia Corporation

JPMorgan Chase Bank

In this case, on the same hosting space there is a phishing page against eBay and another against JPMorgan Chase Bank at the IP address. The site is controlled by a PHP shell called !islamicshell v. edition ADVANCED!.

The truth is that, in addition to uploading cloned web pages, the attacker can quietly do anything else, such as spreading malware of any type hosted on the server that hosts the site, including defacing (a very common activity for which PHP shells tend to be used).

Lloyds TSB Bank

Canada Revenue Agency

Poste italiane

Jorge Mieres


February 06, 2010

Justifying the unjustifiable in a criminal world

As many readers know, at Malware Intelligence we have been researching the direct implications of this whole new generation of malicious code and of the criminal activity that feeds the crimeware business every day.

Under this premise, the researchers focused their efforts on trying to reveal the different branches that are entangled with each other in a web of illegal actions aimed mainly at getting money from users through unethical techniques. And given this, are there still doubts that we are facing a big business that profits through activities that border on the illegal (obviously, always according to the laws of each country)? I think the unanimous answer is NO.

Having set out this assessment after publishing content on the state of the art of crimeware, including relevant data not yet disclosed so as not to hamper ongoing investigations, it has become common to receive messages and comments, mostly aggressive, from those responsible for the development or commercialization of certain crimeware applications.

In this scenario, and although I do not usually give explanations about the research we perform, this time I will make an exception and expose two of the latest comments we have received from those who are part of the crimeware business.

Especially because in some way they reflect the philosophy (of life and of mind) of those who operate from the underground, although lately things are changing.

The first case is an anonymous, non-aggressive comment that I personally must confess I find ... very nice :), left by one of the Partners that markets the YES Exploit System crimeware. The comment was made on the article that discusses this exploit pack, where my answer can also be found. The comment is as follows:

YES, We are the blackhats :)
Thanks for small review, but why do ppl think that blackhats are poor guyz?
It's just a business, no less, no more :) Do you wanna buy our excellent product? - there are discounts for you ;)

As my "friends" say, for them it is "just a business, neither more nor less." However, let us agree that, besides not being a conventional business, it represents a business model that directly and actively collaborates with criminal activities, which isn't so funny.

Now, YES Exploit System is a crimeware development that has a lot in its code and whose market value is USD 800. And the funny thing (as the last sentence of the comment says) is knowing that I will not get any discount on crimeware ;)

The second case I want to present is a bit more aggressive, in response to what was written in the report on the Russian service for testing malware detection; the comment and my response can be read there, and I do not transcribe the latter here because of its length. The message reads:

"In summary, further evidence that not only the exploitation of malware generates profits but also moves parallel money on services to
this industry. And in some cases like the present one, have to see if you can consider this service as a criminal act or not."

Wow and why would this service be criminal act?

It's clear to me that someone has a year work in a software like this scanner and he wants to make money with it.
If you don't like it don't use it. No one forces you to pay for it or submit files there but since I see you are a little wanker
blogger who does not respect others' work I'm giving it to you straight.

You have no inside experience in the antivirus industry whatsoever otherwise you would know that VirusTotal distributes 200K files/day
to antivirus companies for FREE. AV companies are shit on online scanners, they wouldn't even contact you if you would ask them about file
distribution and they definitely wouldn't support an online scanner so what else can these services do to remain online?

Before you criticize others' work put something down on the table little frustrated shit..."

Regardless of the aggressive tone of this second comment, it is interesting who it comes from. Someone who uses the nickname "KLESK" and hosts a completely unlawful "attempt at a business", on whose page one of the first things we read is "Selling corporate data, trade secrets".

"We sell corporate data and trade secrets", the propaganda continues. It goes on to clarify what type of information is supposedly "stolen" from companies, and tops it off with something very interesting:

"Please losers/asszors stay away, all the data bids start on 5 figures" :: Without words… :)

In sum, the latter case in particular represents a good opportunity to analyze the psychology of a prospective cyber-criminal whose attempt to "negotiate" not only leaves much to be desired but cannot even be rated as a possibility worth considering as an object of research.

Related Information
Russian service online to check the detection of malware
YES Exploit System. Another crimeware made in Russia

Jorge Mieres
