An ongoing phishing attack against UK taxpayers is being given additional credibility by using a gov.uk domain. Sefton Council is hosting the phishing content on its Novel GroupWise 7.0 site at web11.sefton.gov.uk.
The phish follows one of the typical ploys commonly seen in HMRC and IRS phishing attacks: The victim is led to believe that they can receive a tax refund by submitting their full credit card details, but these details are instead sent directly to the fraudster behind the attack.
The fraudulent form submits the victim's details to a PHP script hosted at www.zamoh.biz.
The UK's Central Office of Information is responsible for deciding who can register gov.uk domains. Eligibility is strictly limited, which helps to preserve the integrity of the gov.uk namespace; however, this obviously has an undesirable effect when this integrity is leveraged by fraudulent content on compromised servers. Netcraft has informed Sefton Council about this phishing attack.
Netcraft provides an Automated Vulnerability Scanning service which regularly tests your internet infrastructure, supplies the information you need to maintain your security and eliminate vulnerabilities, and audits that it has found no serious vulnerabilities using a dynamically generated seal.
In the August 2009 survey we received responses from 225,950,957 hostnames — 13.7M less than in July.
Much of the drop this month is due to the expiry of a large number of sites at The Planet, including 5 million sites in the .pl top-level domain all on one IP address, which were believed to be part of a linkfarm.Lighttpd Sites
Lighttpd had a significant gain this month, rising to over two million sites, just under 1% of the survey. Lighttpd is a webserver designed for high performance environments. It has a small memory footprint, a large feature set and is licensed under a revised BSD license. Originally written by Jan Kneschke, Lighttpd is now maintained by a small team of developers, and now hosts a large number of popular and high traffic sites, including mininova.org and the controversial Pirate Bay.Total Sites Across All Domains August 1995 - August 2009
Developer July 2009 Percent August 2009 Percent Change Apache 113,019,868 47.17% 104,611,555 46.30% -0.87 Microsoft 55,918,254 23.34% 49,579,507 21.94% -1.39 qq.com 30,447,369 12.71% 30,278,988 13.40% 0.69 14,226,904 5.94% 14,213,976 6.29% 0.35 nginx 10,174,573 4.25% 11,502,109 5.09% 0.84 lighttpd 1,326,240 0.55% 2,025,521 0.90% 0.34
Apache.org has been offline for 3 hours this morning, after one of their servers was compromised. Their sites were displaying the message:
The message goes on to say that the compromise is "not due to any software exploits in Apache itself", but was instead due to a compromised SSH key.
Update: Most of apache.org's sites have been back online this afternoon after they switched over to servers not compromised in the attack. Apache have released more information about the incident: an account used for backups was compromised on a back-end server. This server distributes content to Apache's public web servers, so the attackers used it to distribute scripts to the web servers; once the scripts were public, the attackers could execute them remotely, gaining access to the web servers as well. But these rogue processes were detected, so the servers were taken offline for investigation and clean-up.(more...)
Rank Company site OS Outage
DNS Connect First
Total 1 Web.com Windows 2000 0:00:00 0.010 1.197 0.039 0.119 0.353 2 New York Internet FreeBSD 0:00:00 0.010 0.123 0.071 0.148 0.362 3 Virtual Internet Linux 0:00:00 0.010 2.505 0.102 0.283 0.534 4 Hosting 4 Less Linux 0:00:00 0.010 0.296 0.105 0.215 0.428 5 DataPipe unknown 0:00:00 0.014 0.416 0.024 0.049 0.049 6 Swishmail FreeBSD 0:00:00 0.014 2.371 0.033 0.066 0.157 7 INetU unknown 0:00:00 0.014 1.246 0.088 0.184 0.414 8 www.netcetera.co.uk Windows Server 2003 0:00:00 0.019 1.368 0.079 0.161 0.383 9 Pair Networks FreeBSD 0:00:00 0.019 0.993 0.093 0.189 0.468 10 Server Intellect Windows Server 2008 0:00:00 0.019 1.090 0.112 0.227 0.455
Web.com, New York Internet, Virtual Internet and Hosting 4 Less had the most reliable hosting company sites in July 2009, with each site only failing to respond to a single request from our performance monitors.
This is Web.com's first appearance as joint number one. Web.com is the only company in this month's top ten whose site is served by Microsoft IIS/5.0. Web.com offers a variety of Linux, Windows and eCommerce hosting packages, as well as managed email and domain name registration, and web design services.
This month is New York Internet's fifth at the top of the table this year. They also made the number one spot in January, February, April and May. New York Internet offer colocation, dedicated servers, disaster recovery, web hosting, E-mail, DSL access and managed services.
This is the second month this year in which Virtual Internet has been joint first, and it has stayed in the top ten since April. Virtual Internet offer managed and cloud hosting as well as managed messaging and collaboration services.
Hosting 4 Less are one of the most reliable hosting companies for the third time this year, after coming joint first in March and April. Hosting 4 Less are based in California, and offer web, FTP and eCommerce hosting. They also run backup4less, an online backup service.
This month's top ten sees three company sites using Windows (including Windows Server 2008, 2003 and 2000), as well as three running FreeBSD and two running Linux.(more...)
In the July 2009 survey we received responses from 239,611,111 sites, an increase of around 1.5 million sites from last month. There was a substantial increase in sites on Google's Blogger service, which had 2.2 million more sites in use this month.
Although Microsoft loses active sites overall this month, Microsoft-IIS/7.0 — shipped with Windows Server 2008 and Vista — continues to grow, passing 3 million sites (with 2 million active sites) this month. 2.4 million of these IIS/7.0 sites are in the United States.
nginx had another strong month, gaining over 300,000 active sites at China Unicom and another 100,000 active sites due to continued growth at Wordpress.com.Total Sites Across All Domains August 1995 - July 2009
Developer June 2009 Percent July 2009 Percent Change Apache 112,162,110 47.12% 113,019,868 47.17% 0.05 Microsoft 59,034,213 24.80% 55,918,254 23.34% -1.46 qq.com 30,447,369 12.79% 30,447,369 12.71% -0.08 11,858,840 4.98% 14,226,904 5.94% 0.96 nginx 8,771,415 3.69% 10,174,573 4.25% 0.56 Sun 715,080 0.30% 729,507 0.30% 0.00
Rank Company site OS Outage
DNS Connect First
Total 1 DataPipe FreeBSD 0.000 1.230 0.008 0.017 0.018 2 New York Internet FreeBSD 0:00:00 0.005 0.129 0.060 0.124 0.272 3 ReliableServers.com unknown 0:00:00 0.005 0.309 0.063 0.132 0.198 4 iWeb Technologies Linux 0:00:00 0.005 1.329 0.076 0.152 0.221 5 34SP.com Ltd. FreeBSD 0:00:00 0.005 0.748 0.107 0.676 1.016 6 GoDaddy.com Inc Windows Server 2003 0:00:00 0.005 0.353 0.112 0.229 1.269 7 INetU unknown 0:00:00 0.010 1.518 0.063 0.134 0.279 8 Swishmail FreeBSD 0:00:00 0.010 0.616 0.074 0.149 0.313 9 Virtual Internet Linux 0:00:00 0.015 1.796 0.058 0.174 0.320 10 www.navisite.com Linux 0:00:00 0.015 2.205 0.064 0.555 0.698
DataPipe had the most reliable hosting company site in June 2009. The company's site responded without fail to every request made by Netcraft's performance collectors throughout the month.
This is DataPipe's second appearance at the top so far this year. Jersey City based DataPipe has established partnerships with Cisco, FreeBSD, HP, Microsoft, Oracle, Red Hat, Sun, and VMware, and its commitments to customer service were recognised in this year's Stevie Awards, where the company was listed as a finalist in the Customer Service Department of the Year - IT & Telecommunications category. The company has more than 1,500 customers in six data centres and eight business office locations in the United States, the United Kingdom and China.
Among June's top ten hosting company sites, four companies (including DataPipe) run their sites on FreeBSD. Three other companies run their sites on Linux, while the remaining identifiable operating systems is Windows Server 2003.(more...)