Google Adwords subject to phishing


Google AdWords is currently the target of a phishing campaign. Ax3soft has captured a lot of messages that begin by claiming there is an issue with your Google AdWords account.

The message pretends to come from Adwords@google.com, but this address is fake. The message actually originates from user localhost (127.0.0.1) with the connection IP 128.175.13.92, which resolves to the host name copland.udel.edu in the US. It is very likely that this computer is part of a botnet, since the messages are coming from one source.

Following the URL hxxp://www.google-bx.com/accounts/signin.html (we do not suggest that you do this) takes you to a phishing web site that looks very much like the original AdWords web site.

The differences are marked with red arrows and some explanation. Let’s have a look at the phishing web site.

Let’s take a look at the original web site.

Visiting the root of the web site shows a “Fedora Core Test Page”, so the phishing site is hosted from the subfolder /accounts/.

If we fill in a made-up login and password, the site requests the login page and we are then redirected to the original Google AdWords web site. Once you have entered your real account and personal information, you are a phishing victim from that moment.

The domain google-bx.com was registered through MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE with the following details:

Domain Name.......... google-bx.com
Creation Date........ 2009-10-01
Registration Date.... 2009-10-01
Expiry Date.......... 2010-10-01
Organisation Name.... denis rogers
Organisation Address. 22th fireball ave
Organisation Address.
Organisation Address. new york city
Organisation Address. 74836
Organisation Address. NY
Organisation Address. UNITED STATES

Admin Name........... denis rogers
Admin Address........ 22th fireball ave
Admin Address........
Admin Address........ new york city
Admin Address........ 74836
Admin Address........ NY
Admin Address........ UNITED STATES
Admin Email.......... little_magic_0001@verizon.net
Admin Phone.......... +1.8917288100
Admin Fax............

Tech Name............ denis rogers
Tech Address......... 22th fireball ave
Tech Address.........
Tech Address......... new york city
Tech Address......... 74836
Tech Address......... NY
Tech Address......... UNITED STATES
Tech Email........... little_magic_0001@verizon.net
Tech Phone........... +1.8917288100
Tech Fax.............
Name Server.......... rns1.google-bx.com
Name Server.......... rns2.google-bx.com

The malicious site is hosted on 201.11.70.175. According to an IP WHOIS lookup, this IP belongs to Brasil Telecom.
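The two indicators described above, a claimed google.com sender with no Google host in the Received chain and a link whose host contains "google" but lies outside google.com, can be checked mechanically. The following Python is an added example, not Ax3soft's Sax2 policy; the sample message, BRAND_DOMAINS and BRAND_TOKENS are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message modelled on the indicators in the article.
SAMPLE = """\
Received: from User (localhost [127.0.0.1]) by copland.udel.edu
 (connection from 128.175.13.92); Thu, 01 Oct 2009 10:00:00 -0400
From: Google AdWords <Adwords@google.com>
Subject: There is an issue with your Google AdWords account
Content-Type: text/plain

Please sign in: hxxp://www.google-bx.com/accounts/signin.html
"""

BRAND_DOMAINS = {"google.com"}  # assumption: domains the brand really uses
BRAND_TOKENS = {"google"}       # assumption: brand strings to watch for in hosts

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def refang(text):
    """Undo the hxxp / [.] defanging used when sharing malicious URLs."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".")

def analyse(raw):
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Indicator 1: sender claims the brand, yet no Received hop names a brand host.
    # This is a heuristic; SPF/DKIM/DMARC results are the stronger signal.
    received = " ".join(msg.get_all("Received", [])).lower()
    hops = re.findall(r"\b(?:by|from)\s+([a-z0-9.-]+\.[a-z]{2,})", received)
    claims_brand = any(in_domain(from_domain, d) for d in BRAND_DOMAINS)
    if claims_brand and not any(in_domain(h, d) for h in hops for d in BRAND_DOMAINS):
        findings.append(("forged-sender", from_domain, sorted(set(hops))))
    # Indicator 2: link host contains the brand name but is not under its domains.
    for url in re.findall(r"https?://[^\s\"'<>]+", refang(msg.get_payload())):
        host = (urlsplit(url).hostname or "").lower()
        outside = not any(in_domain(host, d) for d in BRAND_DOMAINS)
        if outside and any(t in host for t in BRAND_TOKENS):
            findings.append(("lookalike-url", host, url))
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```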

 

We have added some new policies to Ax3soft Sax2 to detect the Trojan; please update the Sax2 policy knowledge base in time.

For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm