The MS Team just came across a new Email Phishing spoofing the PNC Bank!The PNC phishing email will route you to the spoofed PNC Bank site so they can steal your banking info. The Phishing email tells you to restore your account! The Spoofed Site will steal your banking info and even send you a nice Trojan and Key-logger to capture all your personal data.
PNC is a highly diversified and growing financial services organization spanning the retail, business and corporate markets.
PNC Bank Targeted attack: hxxp://www.pnc-client155r22.com.
The site is associated with the BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD registrar which is known harbor the Pharma Scam, Fake Software and Fake Rolex Sites.
<PNC Phish Sample>
From: PNC Bank [mailto:Alert@pnc.com]
Sent: Saturday, June 19, 2010 9:51 AM
To: <Joe SixPack>
Subject: Notice – Pnc
Dear PNC customer,
Protecting the security of our customers and the PNC, as a preventative measure, we have temporarily limited access to sensitive account features. Please take the following steps to ensure that your account has not been compromised and restore your account: “h–p://www.pnc-client155r22.com”
2010 PNC and Co, Inc. All rights reserved. Member SIPC (2009-4236090)
Malware Links h–p://www.pnc-client155r22.com/ http://www.pnc-client155r22.com/ Seite h–p://www.pnc-client155r22.com/ wird ge.ffnet ?O
- statse.webtrendslive.com <– Tracking cookies!
Malicious HTTP Traffic:
Request: [ GET /images/Conversion495x159WelcomeNatCityV2.swf ], Response: [ 200 “OK” ]
From 1051 to 184.108.40.206:80 – [ http://www.pnc-client155r22.com ]
Request: [ GET /images/Requester_003.jpg ], Response: [ 200 “OK” ]
From ANUBIS:1052 to 220.127.116.11:80 – [ http://www.pnc-client155r22.com ]
Request: [ GET /images/Requester_002.jpg ], Response: [ 200 “OK” ]
From ANUBIS:1053 to 18.104.22.168:80 – [ http://www.pnc-client155r22.com ]
Request: [ GET /images/Requester_004.gif ], Response: [ 200 “OK” ]
Request: [ GET /dcsx2yobi00000w45we0xdcvj_6x2g/wtid.js ], Response: [ 200 “Ok” ]