IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

Phishing phun with Chinese banks (and annoying clocks)

Welcome to today's IT Blogwatch, in which phishers actually send their victims to a real bank website ... well, kinda. Not to mention the most annoying alarm clocks ever ...

Phishing. Ainchajustsickofit? Jeremy Kirk has the scoop on the latest twist in the phishy tail [You're fired -Ed.]:  "Criminals appear to have hacked a Chinese bank's server and are using it to host phishing sites to steal personal data from customers of eBay Inc. and a major U.S. bank ... phishing sites located in hidden directories on a server with IP addresses belonging to the Shanghai branch of China Construction Bank ... One of the phishing sites offered customers of Chase Bank, part of JPMorgan Chase & Co., a chance to receive $20 for filling out a survey. The survey asked for the user's ID and password so the money could be deposited. Further, it requested the person's bank card number, PIN, card verification number, mother's maiden name and their U.S. Social Security number ... The submitted data is then apparently sent to a form-processing server in India."

» Netcraft's Rich Miller fills in the banks ... errr, blanks: "The URL in the phishing email uses an IP address rather than a domain, typically a strong indicator of a phishing site ... The spoof site, a template of which has been in use since September, pulls images and style sheets from the chaseonline.chase.com web site. Many bank sites are configured to prevent logos and other images on their server from being displayed on other web sites - a practice known as "hot-linking" or "bandwidth leeching" - to prevent phishing sites from using the institution's own images and bandwidth to scam customers. Any third-party sites appropriating logos can be detected through web site referrer statistics. The same IP address at CCB Shanghai was used Saturday to host a page spoofing the eBay login screen. The China Construction Bank is a state-owned commercial bank with more than 14,000 branches across China. Last October CCB became the first of China's "Big Four" state-owned banks to be listed on the Hong Kong Stock Exchange. Both attacks have been blocked by the Netcraft Toolbar, a free phishing protection tool for Internet Explorer and Firefox users."
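The referrer-based detection of hot-linked logos that the Netcraft post describes can be run over ordinary web server access logs. The following Python is an added example (not from Netcraft or the original post): the log lines are constructed, the bank hostname and referer hosts are assumptions, and it additionally flags referer hosts that are bare IP addresses, the other indicator the post mentions.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample access-log lines (Apache/nginx "combined" format) for a
# hypothetical bank host; the referer hosts are illustrative, not real sites.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2006:10:01:02 +0000] "GET /images/logo.gif HTTP/1.1" 200 4321 "https://chaseonline.chase.com/login" "Mozilla/5.0"
203.0.113.6 - - [10/Jan/2006:10:01:05 +0000] "GET /images/logo.gif HTTP/1.1" 200 4321 "http://192.0.2.44/.hidden/survey.html" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2006:10:01:09 +0000] "GET /css/site.css HTTP/1.1" 200 1200 "http://192.0.2.44/.hidden/survey.html" "Mozilla/5.0"
203.0.113.8 - - [10/Jan/2006:10:01:12 +0000] "GET /images/logo.gif HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2006:10:02:30 +0000] "GET /images/logo.gif HTTP/1.1" 200 4321 "http://example.net/login" "Mozilla/5.0"
"""

# Pull the request path and the Referer field out of a combined-format line.
LOG_RE = re.compile(r'"(?P<method>\w+) (?P<path>\S+) [^"]*" \d+ \S+ "(?P<referer>[^"]*)"')
ASSET_EXT = (".gif", ".png", ".jpg", ".css")

def hotlink_referers(log_text, own_hosts):
    """Count requests for static assets whose Referer is a foreign host.
    Returns {referer_host: (count, is_bare_ip)}. Requests with no Referer are
    skipped: browsers often omit it, so they are not evidence either way."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or not m.group("path").lower().endswith(ASSET_EXT):
            continue
        ref = m.group("referer")
        if ref in ("", "-"):
            continue
        host = urlsplit(ref).hostname
        if not host or host in own_hosts:
            continue  # the bank's own pages are expected to load its assets
        counts[host] += 1
    result = {}
    for host, n in counts.items():
        try:
            ip_address(host)  # a raw IP in the Referer is itself suspicious
            bare_ip = True
        except ValueError:
            bare_ip = False
        result[host] = (n, bare_ip)
    return result

if __name__ == "__main__":
    for host, (n, bare_ip) in hotlink_referers(SAMPLE_LOG, {"chaseonline.chase.com"}).items():
        print(f"{host}: {n} asset request(s){' [bare IP referer]' if bare_ip else ''}")
```

Feeding the flagged hosts into a referer-based deny rule on the image directory is the blocking step the post alludes to; the counting above is the detection step.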

» The Make Money Fast Hall of Humiliation dons his [or her] tinfoil hat, calling it, "Not Your Average Phishing Attack ... Usually, when you get a PHISHing attempt in your inbox, and you're like me, you complain about it to the hills. One of the complaints goes to the web host provider, in hopes that they'll quickly shut down the site. Hosts used are throwaway accounts on large services like Yahoo, registering domains through cheap services ... probably all paid through a stolen credit card. This time it's a little different, however: Hackers broke into the web servers of China Construction Bank of Shanghai ... You'll notice that couched in this information is advertising for the Netcraft toolbar. I want to make sure that you know that I clearly do not support downloading software off the web that you haven't gone to great lengths to scan for spyware and viruses."

» Suburbia reminds us of the basics: "As always - stay clear of suspicious emails like this. And do not ever, ever in a million years ever, share account details for any of your logins to anyone. Only use your login details on sites you know are correct and you have used before. If the URL in your browser looks even remotely suspicious, be safe rather than sorry and contact your bank (or whatever company it might be) and ask if they're the ones behind it. Normally, you’ll only be asked to participate in surveys after you've logged in as usual - otherwise the surveys are generally anonymous."

» MineralMan comments: "I've seen this phishing email. What I do not understand, to save my life, is why anyone would supply such information to anyone over the internet. I simply cannot imagine giving anyone any of that information. And for $20? Amazing."

Buffer overflow:

And finally... Ten annoying alarm clocks [hat tip: Boing Boing]

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20-year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.