Friday, September 11, 2009

RBN Attacking White House Anti-Drug Web Sites

In another example of the RBN revealing the true measure of their malice, White House Anti-Drug Sites have been attacked over the past week.

Malware Domain List reported on September 5th that whitehousedrugpolicy.gov, the website of the Office of National Drug Control Policy, had been compromised. In that instance, the site was directing visitors to a trojan:

adgallery.whitehousedrugpolicy.gov/members/Miley-Cyrus-Nude/default.aspx 198.77.71.192 adgallery.whitehousedrugpolicy.gov directs to trojan abuse@noc.privatedns.com 2009/09/05.

whitehousedrugpolicy.gov features White House Drug Policy initiatives, programs, and resources, as well as testimony and press releases. The site outlines National Drug Control Strategy goals and objectives.

Today, I found that drugs4sale.loderunner.in, which is a data receptor for the notorious Clampi banking Trojan (Trojan.Clampi), had an A record pointing to 130.94.30.137. This is the same IP address reserved for use by theantidrug.com, the "Parents: The Anti-Drug" site created by Fleishman-Hillard (a leader in international marketing and communications).

AS2914 NTTC-GIN-AS NTT Communications Global IP Network

DNS Records

base                      record  ip             country
drugs4sale.loderunner.in  a       130.94.30.137  United States
mail.theantidrug.com      a       130.94.30.137  United States
the-anti-drug.com         a       130.94.30.137  United States
theantidrug.com           a       130.94.30.137  United States
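
The shared-address check behind the records above can be automated over resolution logs. The sketch below is an added example, not code from the original post: the function names, the "name type ip" input format and the last sample record (www.example.org) are assumptions made for illustration, and the two-label base-domain rule is a simplification.

```python
from collections import defaultdict

# Records in "name type ip" form. The first four are the ones listed in the post;
# the last is constructed to show an address that should not be flagged.
RECORDS = """\
drugs4sale.loderunner.in a 130.94.30.137
mail.theantidrug.com a 130.94.30.137
the-anti-drug.com a 130.94.30.137
theantidrug.com a 130.94.30.137
www.example.org a 192.0.2.10
"""

# Hostnames already known as malicious (here: the Clampi receptor named in the post).
INDICATORS = {"drugs4sale.loderunner.in"}


def base_domain(host):
    """Naive registrable domain: last two labels (assumption; use a public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_records(text):
    """Yield (host, ip) for each A record line, skipping blanks and other types."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].lower() == "a":
            yield parts[0].lower(), parts[2]


def shared_ip_findings(text, indicators):
    """Map each IP that serves an indicator hostname to the unrelated hosts on it."""
    by_ip = defaultdict(set)
    for host, ip in parse_records(text):
        by_ip[ip].add(host)
    findings = {}
    for ip, hosts in by_ip.items():
        bad = hosts & indicators
        bad_bases = {base_domain(h) for h in bad}
        others = sorted(h for h in hosts - bad if base_domain(h) not in bad_bases)
        if bad and others:
            findings[ip] = {"indicators": sorted(bad), "co_hosted": others}
    return findings


if __name__ == "__main__":
    for ip, f in shared_ip_findings(RECORDS, INDICATORS).items():
        print(ip, f["indicators"], "shares an address with", f["co_hosted"])
```

A match is a lead for follow-up with the site owner or hosting provider, since whoever controls a zone can point its A record at any address.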


Alexei Vasiliev, a familiar RBN criminal involved in the propagation of the Clampi banking Trojan, used his email address (alexvasiliev1987@cocainmail.com) to register one of the known Clampi domains.