Another Bank of America Phishing Message, This Time from France







TOKYO (MacHouse) – A spam terrorist group sent out a phishing e-mail message concerning Bank of America about 17 hours ago. The subject line of the message reads "IMPORTANT: Security Issues [Incident 040921]," and the return e-mail address is shown as online@alerts.bankofamerican.com. (See Screenshot 01.) There have been at least 4 other incidents this month alone in which Bank of America’s name was used in phishing messages.


Screenshot 01 (Bank of America phishing, online-bnc.com)
Screenshot 02 (Bank of America phishing, online-bnc.com)
Screenshot 03 (Bank of America phishing, online-bnc.com)



It’s just like the infamous spam message involving a Nigerian widow that was prevalent in 2001, and most Internet users already know that messages concerning accounts at Bank of America, PayPal, eBay and Amazon are fake. Even Bank of America doesn’t take phishing cases so seriously any more. For example, we reported phishing incidents involving Bank of America and websites hosted at Spoono Host to the bank a few weeks ago, but they haven’t bothered to spend a minute to show a simple form of appreciation for our kind notification.

So why are phishing terrorists still sending similar messages over and over? That’s probably because they are unemployed, bored and have nothing else to do. They should probably play sports to refresh their brains. And they should probably go back to high school and graduate to make their parents proud of them instead of making them cry.

Anyway, let’s see who’s involved in this case. The return e-mail address is shown as online@alerts.bankofamerican.com, but the message source shows that it was sent from cgi.24-ch.uk.clara.net with the IP address 195.8.66.48. (See Screenshot 02.) The message is designed to display images from http://release35.par3.com, but it appears that the website administrator at par3.com has already removed the offending files. Furthermore, the forwarding URL under "Click her to continue" is http://www.online-bnc.com.

This time, we are using the Mac version of VisualRoute from Visualware Inc. to locate the web server. Screenshot 03 shows that a search on online-bnc.com ends at the IP address 195.8.78.1, and that it is hosted by ClaraHost2. This piece of information is possibly consistent with the mail server, whose IP address is shown as 195.8.66.48. Therefore, the phishing message and the hosting server of online-bnc.com are likely to originate from the same place.
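The header and link checks described above can be scripted. The following is an added example, not part of the original article: it parses a constructed message that reuses the article's hosts and addresses, flags every relay or URL host that falls outside the From domain, and counts how many leading bits the mail relay and web server addresses share. The header layout, `mx.example.net`, `/logo.gif` and all function names are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample. Hosts, addresses, subject and link text are the article's;
# the header layout, mx.example.net and /logo.gif are assumptions.
SAMPLE = (
    "Received: from cgi.24-ch.uk.clara.net (cgi.24-ch.uk.clara.net [195.8.66.48])\n"
    "\tby mx.example.net with ESMTP\n"
    "From: Bank of America <online@alerts.bankofamerican.com>\n"
    "Subject: IMPORTANT: Security Issues [Incident 040921]\n"
    "Content-Type: text/html\n"
    "\n"
    '<html><body><img src="http://release35.par3.com/logo.gif">\n'
    '<a href="http://www.online-bnc.com">Click her to continue</a></body></html>\n'
)

def base_domain(host):
    """Last two DNS labels. Assumption: enough here; real code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def shared_prefix_bits(ip_a, ip_b):
    """Number of leading bits two IPv4 addresses have in common (0-32)."""
    return 32 - (int(ipaddress.IPv4Address(ip_a)) ^ int(ipaddress.IPv4Address(ip_b))).bit_length()

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # The first Received header is the newest hop, written by the receiving server.
    hop = (msg.get_all("Received") or [""])[0]
    m = re.search(r"from\s+(\S+)\s+\((?:\S+\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", hop)
    relay_host, relay_ip = (m.group(1).lower(), m.group(2)) if m else (None, None)
    urls = re.findall(r'(?:href|src)\s*=\s*["\']?(https?://[^"\'\s>]+)', msg.get_payload(), re.I)
    url_hosts = sorted({h for u in urls if (h := urlparse(u).hostname)})
    findings = []
    if relay_host and base_domain(relay_host) != base_domain(from_domain):
        findings.append(f"relay {relay_host} [{relay_ip}] is not in From domain {from_domain}")
    for host in url_hosts:
        if base_domain(host) != base_domain(from_domain):
            findings.append(f"URL host {host} is not in From domain {from_domain}")
    return dict(from_domain=from_domain, relay_host=relay_host, relay_ip=relay_ip, url_hosts=url_hosts, findings=findings)

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("\n".join(report["findings"]))
    # 195.8.78.1 is the address the article reports for online-bnc.com
    print("shared prefix bits:", shared_prefix_bits(report["relay_ip"], "195.8.78.1"))
```

A shared address prefix only suggests a common network; the registration record for each address is what confirms the owner.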


Screenshot 04 – Source: online-bnc.com
Screenshot 05 – Source: online-bnc.com
Screenshot 06 – Source: online-bnc.com
Screenshot 07 – Source: online-bnc.com






Visualware is a product of Visualware Inc.
