
Beware of Malicious 'U.S. Government' Sites

While searching for the domain behind ScamSearch.com, we happened upon an extremely useful site, Malware Domain List, which, as its name implies, is a list of malware-laden domain names.

When we located the domain responsible for all the malware to hit our machines, we couldn't help noticing a slew of malicious sites masquerading as official U.S. government domain names, such as "ustreasury.federalbanksystem.net," "ustreasury.federalbanks.us," "usbanks.esecure-federal.us," and so on.

[Image: To Sir, with Malware]

All of them have one thing in common: they contain an especially difficult-to-detect piece of crimeware called LuckySploit, an exploit toolkit that infects unsuspecting visitors to a site via drive-by-download, installing malware that allows cybercriminals to access personal information by keystroke logging.

Sir Paul McCartney's site was recently hacked to infect visitors with LuckySploit. ScanSafe, the security firm that detected and neutralized the program, described LuckySploit as "the most advanced and sophisticated version of crimeware toolkits."

So to make sure you don't fall victim to these identity thieves, below is a list of fake U.S. government domain names to avoid at all costs. The sites are registered to cybercriminals from an improbable assortment of cities, including Austin, Erfurt, Valencia and Krasnogorsk.

Besides trying to fool people with official-sounding domains that infect visitors with LuckySploit, some of these registrants appear to share the same Internet access providers (which we've highlighted below), suggesting some level of collusion. And at least one of them (if not all) is using a fake address as well:


ustreasury.federalbanksystem.net
According to WHOIS, this domain is registered to:
Natalya Namestnikova
ulica 50 let Oktyabrya, 12-50
Krasnogorsk
Moskovskaya obl. 143400
Russia
7 495 9378720
namestnikova@bronzemail.net


ustreasury.federalbanks.us
According to WHOIS, this domain is registered to:
Anthony Dennis
4100 Red River
Austin, Texas
78751
United States
1.5124517048
ant.dennis@namebanana.net


usbanks.esecure-federal.us
According to WHOIS, this site is registered to:
Eleodora Quintanilla
Placa Major de la Vila 62
Benaguasil, Valencia
46180
Spain
34.962738614
e.quintanilla@interlayer.net


federalreserve-online.com
According to WHOIS, this domain is also registered to:
Natalya Namestnikova
ulica 50 let Oktyabrya, 12-50
Krasnogorsk
Moskovskaya obl. 143400
Russia
7 495 9378720
namestnikova@bronzemail.net


federalreserve-online.us
According to WHOIS, this site is registered to:
Laura Weaver
945 North Montana Street (The address of La Cense Beef, i.e. a false address)
Dillon, Montana
59725
United States
1.8662554958
federalreserve@bronzemail.net



ustreasury.federalbanksystem.us
According to WHOIS, this domain is registered to:
Marcel Frankfurter
Gotthardstrasse 79
Erfurt 99045
Germany
49.0361784633
marcelf@liveinternet.at


federalreserve-direct.com
According to WHOIS, this site is registered to:
Sergei V Popov
Ulyanovskiy prospekt, 2-87
Ulyanovsk
Ulyanovskaya obl. 432072
Russia
7 8422 442591
popov@namebanana.net
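To make the linkage argument above concrete, here is an added example (not part of the original post) that parses WHOIS excerpts laid out the way this page presents them and groups the domains by the registrant's e-mail provider; the sample records are trimmed copies of three entries quoted above, and the provider names (bronzemail.net, namebanana.net) are the ones the page lists.

```python
import re
from collections import defaultdict

# Constructed sample: three of the WHOIS excerpts quoted on this page, trimmed
# to domain / WHOIS line / registrant / country / e-mail.
SAMPLE_RECORDS = """\
ustreasury.federalbanksystem.net
According to WHOIS, this domain is registered to:
Natalya Namestnikova
Russia
namestnikova@bronzemail.net

federalreserve-online.us
According to WHOIS, this site is registered to:
Laura Weaver
United States
federalreserve@bronzemail.net

federalreserve-direct.com
According to WHOIS, this site is registered to:
Sergei V Popov
Russia
popov@namebanana.net
"""

EMAIL_RE = re.compile(r"^[\w.+-]+@[\w.-]+\.[a-z]{2,}$", re.IGNORECASE)


def parse_records(text):
    """Return (domain, registrant, email) tuples; one record per blank-line
    separated block whose second line is the 'According to WHOIS' sentence."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 4 or "According to WHOIS" not in lines[1]:
            continue  # not a WHOIS excerpt in the page's layout
        if not EMAIL_RE.match(lines[-1]):
            continue  # no e-mail on the last line: cannot cluster this one
        records.append((lines[0], lines[2], lines[-1].lower()))
    return records

def cluster_by_mail_provider(records):
    """Group domains by the registrant e-mail's provider and keep providers
    shared by more than one domain. Shared obscure providers are a linkage
    hint only: WHOIS contact data is self-reported and may be fabricated."""
    clusters = defaultdict(list)
    for domain, _name, email in records:
        clusters[email.split("@", 1)[1]].append(domain)
    return {prov: doms for prov, doms in clusters.items() if len(doms) > 1}
```

Run over the full list on this page, the same grouping also pairs ustreasury.federalbanks.us with federalreserve-direct.com through namebanana.net.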
