AusCERT: AFP looks to French connection to arrest phishing scam

Australian Federal Police are seeking the co-operation of French authorities to move against a phishing scam operation targeting local banks over the last month, according to AusCERT.

AusCERT (Australia's national Computer Emergency Response Team) security analyst Jamie Gillespie said federal police officers at the Australian High Tech Crime Centre (AHTCC) were seeking to have a domain name linked with the phishing scam shut down.

The domain name aicworld.info, registered by Paris-based ICANN accredited registrar Gandi.net, was a consistent element in many recent phishing attacks on Westpac, ANZ and Commonwealth Bank customers.

According to Gillespie, the domain has a persistent presence in a worrying new mode of operation in the phishing sphere that AusCERT has never seen before.

Typically phishing scam operators use spam e-mails to acquire, by either persuasion or force, online banking details of Internet banking customers.

Until recently many of the e-mails contained links to decoy replicas of banking sites capable of capturing banking details.

The newer series of scams is gaining sophistication. They involve sneaking in malware and Trojans, capable of capturing Internet banking information without the victim's knowledge, via security holes in Windows' native Web browser, Internet Explorer. The information is then sent to an arbitrary e-mail address for later collection.

Typically, that requires the scam operators to lure victims to one of hundreds of URLs and IP addresses pointing to compromised machines stealthily running Web servers, lying in wait to deliver the malicious code.

The aicworld.info domain acts as a common front door redirecting victims to a range of compromised sites, allowing the scam operator(s) to vary the security vulnerability type they employ at will.

The authoritative name server for the domain name is also being changed by the scam operators at regular intervals, rendering efforts to block the domain useless.

Gillespie said Gandi.net is the only authority that can cancel the domain name and it won't unless Australian authorities can provide proof that its operator is acting illegally.

"The registrant has a set of acceptable use policies and set of guidelines on how they proceed in de-registering domain names and they are simply following those guidelines," said Gillespie.

However, Gillespie claimed a lack of pre-existing relations with French authorities was slowing the process down.

AHTCC yesterday would not confirm or deny whether Federal Police were involved in discussions with French authorities.

However, the computer crime specialist agency released a public advisory urging consumers to take steps to protect themselves from fraud online.

"We will continue to work closely with industry and the Australian Banking Association in our battle with this increasingly sophisticated form of crime," said AHTCC director Alastair MacGibbon.

For now the agency is advising consumers to use their common sense.

The AHTCC has released a set of guidelines for consumers to combat fraud:

Online activities

  • Banks don't send e-mails to customers asking them to log onto their site. If you get an email from your bank requesting any of your details, it's fake and should be deleted.
  • Don't open e-mail messages from people you don't know (such as spam e-mail).
  • Don't click on hyperlinks (underlined blue text).
  • Don't conduct sensitive (banking, etc) activities on public computers such as those found in Internet cafes, public libraries and hotel foyers.

For the home or office PC

  • Purchase anti-virus software and regularly update it (this can be done automatically).
  • Purchase a firewall (this program prevents your computer communicating in ways you haven't authorised).
  • Purchase anti-spam software or subscribe to an Internet Service Provider who provides this service.