Hacked Chinese Bank Server Phishes for US Banks

1sockchuck writes "A Chinese bank's servers are being used in phishing attacks against U.S. institutions, apparently the first time one bank's infrastructure has been used in attacks on other banks. A hacked server from China Construction Bank Shanghai Branch is hosting pages spoofing Chase and eBay. The scam is one of numerous sites using a social engineering hook promising a $20 reward for recipients who complete a survey about the bank's online services. It then asks for your account login and password - so it can deposit the $20 in the correct account, of course. Plus your Social Security number, mother's maiden name etc."

China Construction

[Stargoat]

China Construction is a huge bank. It's the Chinese eqivilent of Chase or something similar in size. Not the People's Bank of China (Chinese Central Bank) but still huge. I'm amazed that their security is so lax. That level of incompetence is just amazing.

Re:Another reason

[$ASANY]

This is from the IP allocation documentation provided on IANA's website. It is an extremely blunt instrument to employ:

058/8 Apr 04 APNIC
059/8 Apr 04 APNIC
060/8 Apr 03 APNIC
061/8 Apr 97 APNIC
121/8 Jan 06 APNIC
122/8 Jan 06 APNIC
123/8 Jan 06 APNIC
124/8 Jan 05 APNIC
125/8 Jan 05 APNIC
126/8 Jan 05 APNIC
202/8 May 93 APNIC
203/8 May 93 APNIC
210/8 Jun 96 APNIC
211/8 Jun 96 APNIC
218/8 Dec 00 APNIC
219/8 Sep 01 APNIC
220/8 Dec 01 APNIC
221/8 Jul 02 APNIC
222/8 Feb 03 APNIC

There are other ranges where APNIC is interspersed with other stuff, but this list gets you all the /8 space which can be blocked conveniently.

Bill's Blacklist is more extensive and gets into the APNIC space that's wedged within other /8 netblocks, and he also identifies other problem children. His list is probably too agressive for your tastes if you're running a public website, though.