
May 23, 2008

HP Server at Swedish University Hacked to Host Phishing Website for Australia and New Zealand Banking Group

Filed under: Internet security — Administrator @ 4:00 pm






TOKYO (MacHouse) - If you are not from Australia or New Zealand, you may never have heard of a bank called ANZ. (Screenshot 01 shows its main website.) We hadn’t until just 90 minutes ago. According to its website, ANZ is the largest bank in New Zealand and one of the largest companies in Australia. We are talking about this bank group today because more than 8 hours ago, an international cybercriminal group sent out a phishing e-mail message involving ANZ. (See Screenshot 02.) The message says “We have added new security features to make ANZ Bank safer than ever” and urges you to log in to your account.





Screenshot 01 - Source: ANZ
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: MacHouse






So how do we know that it’s a phishing message? The actual target of the link given in the message is not what the link text says it is. It’s actually http://130.241.185.149/hp/device/www.anz.com.au.htm.
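The link check described above can be automated. The following is an added example, not code from the original post: it parses an HTML mail body and flags links whose real target is a raw IP address, whose visible text names a different host, or which carry the bank's domain only in the path. The visible link text in the sample, the function names and the reason labels are assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the href is from the post, the visible link text is assumed.
SAMPLE_HTML = ('<a href="http://130.241.185.149/hp/device/www.anz.com.au.htm">'
               'https://www.anz.com.au/login</a>')

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:       # only text inside an <a href=...>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Host of a URL, or of bare link text such as 'www.anz.com.au/login'."""
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(html, brand="anz.com.au"):
    """Return {href: [reasons]} for links whose target differs from what is shown."""
    parser = LinkCollector()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        on_brand = target == brand or target.endswith("." + brand)
        checks = {
            "ip-literal-host": is_ip(target),  # raw IP instead of a domain
            "text-host-mismatch": "." in shown and " " not in shown and shown != target,
            "brand-in-path": brand in urlsplit(href).path.lower() and not on_brand,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings[href] = reasons
    return findings
```

Run over the sample, `audit_links(SAMPLE_HTML)` reports all three reasons for the link from the message, while a link that really points at the bank's own host produces no finding.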

Anyway, if you look at the mail source code, it’s not necessarily easy to tell that this message was sent by someone other than ANZ. The headers appear to have been manipulated to make it look as if the message had been sent from ANZ. (See Screenshot 03.) But it’s not from ANZ. The IP address 217.160.175.143 is located in Germany. The website hosted at the domain pureserver.info seems to be run by a mysterious German web host called 1&1 Internet AG (www1.1und1.de).

If you click on the hyperlink shown in the phishing message, you will be directed to what is supposed to be a phishing website. At the time we accessed it, the site content did not exist or had already been removed. (See Screenshot 04.)





Screenshot 04 - Source: University of Gothenburg
Screenshot 05 - Source: University of Gothenburg
Screenshot 06 - Source: University of Gothenburg






There is no domain attached to this website, so what’s going on? If you look around, you will find that it’s an HP server running on a local area network. (See Screenshots 05-07.) The IP address 130.241.185.149 is actually hosted in Sweden. More specifically, it’s hosted by the University of Gothenburg in Sweden. (See Screenshots 08-09.)





Screenshot 07 - Source: University of Gothenburg
Screenshot 08 - Source: MacHouse
Screenshot 09 - Source: University of Gothenburg




********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by taxpayers' money. We have limited resources. We also need time to sleep and eat just as others do. So we will not act as the international police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?






