Search Engine Optimization & Web Hosting Solution

TOKYO (MacHouse) - More than 6 hours ago, an organized spam terrorist group circulated at least one e-email message titled U.S. Treasury Department - Important Notification **. (See Screenshot 01.) Obviously, considering the functions of the U.S. Treasury Bank system, this is obviously a suspicious message. The message says







You’re getting this letter in connection with new directions issued by U.S. Treasury Department. The directions concern U.S. Federal Wire online payments.

On November 3, 2008 a large-scaled phishing attack started and has been still lasting. A great number of banks and credit unions is affected by this attack and quantity of illegal wire transfers has reached an extremely high level.

U.S. Treasury Department, Federal Reserve and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire transfers from November 4 till November 14.

Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:

Screenshot 01 - Source: MacHouse

Screenshot 02 - Source: Federal Reserve Board

Screenshot 03 - Source: Federal Deposit Insurance Corporation

The interesting part of this spam message is the domains of the given links. They are fdicorp.org and usatreasury.org. The top level domains are both dot org. Wait… How about the genuine domains of Federal Reserve Banks? Each of 12 federal reserve banks has its owen website with the top level domain of org. And the Federal Reserve Board has its website hosted at the domain of federalreserve.gov. (Screenshot 02 shows the genuine website of the Federal Reserve Board.) Similarly, Federal Deposit Insurance Corporation, which guarantees customers’ deposits of member banks up to $100,000 has its website hosted at the domain of fdic.gov. (Screenshot 03 shows the genuine website of the Federal Deposit Insurance Corporation.) In other words, the websites hosted at the domains of fdicorp.org and usatreasury.org may be fake.

If you access the given URL for fdicorp.org, there seems to be no website at the destination. (See Screenshot 04.) That’s good news. Bad news is that this junk domain is still active. Screenshot 05 shows its domain registration. It was registered on November 4, 2008. Similarly, the other domain, usatreasury.org, is also active. It was registered probably several hours ago. (See Screenshot 06.)

Screenshot 04 - Source: fdicorp.org

Screenshot 05 - Source: MacHouse Domain Lookup

Screenshot 06 - Source: MacHouse Domain Lookup

There is something odd about the website hosted at the domain of usatreasury.org. If you access this domain, it could take your web browser 30 seconds or longer to load up something visual. (See Screenshot 07.) The Internet connection is terribly congested. Then fake Federal Reserve Bank content eventually turns itself into a directory of junk porn websites. (See Screenshot 08.)

Screenshot 07 - Source: usatreasury.org

Screenshot 08 - Source: usatreasury.org

Don’t this slow connection and a porn directory ring us a bell? We reported a similar case involving Countrywide Bank about a week ago. This junk website, which turns into a porn directory after completion of connection, is/was hosted in China with the IP address of 123.134.66.8. Interestingly, the fake Federal Reserve Bank website is traced to the same web server whose IP address is 123.134.66.8.






References:

Countrywide Bank Phishing Website Ex China

********** ********** ********** ********** ********** ********** ********** **********

MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?