24.11.2009
FICORA urges network operators to take action to thwart phishing, pharming
The Finnish Communications Regulatory Authority (FICORA) issued a letter to Finnish telecom operators yesterday urging them to take action against phishing and pharming attempts directed against Finnish online banking service users. A block of networks in the United States has been identified as participating in sustained attacks against online banking service users. This is the first time FICORA has requested such actions since June, when a bill giving operators a mandate to thwart phishing and pharming attempts at the network level was passed in the Finnish Parliament.
Over the past few days, FICORA has received information that indicates increased activity towards Finland by a group (or groups) behind a well-known malware named Zlob. The malware works by silently changing the DNS name resolution settings on the victims' computers and redirecting selected traffic of interest to the criminals (usually online banking service traffic) to a rogue network in the United States. According to FICORA's observations, the same group of networks is repeatedly linked to similar operations. The operators in question have used a variety of names such as "Internet Path, Inc.", "Carrier Net", "Cernel", "UkrTeleGroup" and "Intercage".
CERT-FI released a blog entry yesterday indicating network blocks critical to the functioning of the malware, specifically: 85.255.112.0/20 and 67.210.14.0/23. The former of the address ranges was indicated in a similar incident exactly a year ago. It is FICORA's opinion that these networks pose a clear and imminent security threat to the internet.
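For administrators who want to check whether a host's DNS settings point into the two network blocks named above, the following added example (not part of FICORA's release or CERT-FI's blog entry) reads resolver addresses from resolv.conf-style or Windows `ipconfig /all`-style text and reports any that fall inside those blocks. The sample inputs and all function names are constructed for illustration.

```python
import ipaddress
import re

# The two network blocks named in the release above.
ROGUE_BLOCKS = [ipaddress.ip_network(n)
                for n in ("85.255.112.0/20", "67.210.14.0/23")]
NAMESERVER = re.compile(r"^\s*nameserver\s+(\S+)")      # resolv.conf entry
WIN_DNS = re.compile(r"DNS Servers[ .]*:\s*(\S+)")      # ipconfig /all entry

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def configured_resolvers(config_text):
    """Return the DNS resolver addresses found in the configuration text."""
    resolvers, in_dns_list = [], False
    for line in config_text.splitlines():
        match = NAMESERVER.match(line) or WIN_DNS.search(line)
        if match:
            candidate = match.group(1)
            in_dns_list = bool(WIN_DNS.search(line))
        elif in_dns_list:
            candidate = line.strip()   # ipconfig lists extra servers on bare lines
        else:
            continue
        addr = _ip(candidate)
        if addr is None:
            in_dns_list = False        # the DNS server list has ended
        else:
            resolvers.append(addr)
    return resolvers

def rogue_resolvers(config_text):
    """Return (resolver, block) pairs for resolvers inside a named block."""
    return [(str(a), str(n)) for a in configured_resolvers(config_text)
            for n in ROGUE_BLOCKS if a in n]

# Constructed sample inputs (addresses chosen only to exercise the check).
RESOLV_CONF = "# constructed sample\nnameserver 85.255.114.13\nnameserver 192.0.2.53\n"
IPCONFIG = """
   DNS Servers . . . . . . . . . . . : 67.210.15.200
                                       192.0.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, text in (("resolv.conf", RESOLV_CONF), ("ipconfig", IPCONFIG)):
        print(name, rogue_resolvers(text))
```

A hit means the host resolves names through an address in one of the named blocks and should be examined for malware that altered its DNS settings; the DNS settings of the local router or DHCP server deserve the same check.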
Following this judgement, FICORA sent a letter to Finnish telecom operators yesterday evening urging them to use their new mandate and take appropriate action against ongoing pharming operations. FICORA monitors the situation in collaboration with its national and international partners.
Consumers should consult the web site www.tietoturvaopas.fi for practical advice on safe use of the internet.
Background information:
The Act on the Protection of Privacy in Electronic Communications was amended in June and now gives network administrators the right to address situations where networks are being used to conduct widespread financial fraud. Typical attack scenarios where network administrators' assistance is required include phishing and pharming. In phishing, end-users are lured into voluntarily surrendering their passwords and other sensitive information when visiting a fraudulent web site posing as a legitimate one. In cases related to pharming, an end-user's computer is first infected with malware, which takes over and either steals the data on-the-fly or stealthily redirects the connections to fraudulent sites.
CERT-FI is the Finnish national computer emergency response team. CERT-FI is part of the Finnish Communications Regulatory Authority (FICORA).
Further information:
Mr. Erka Koivunen, Head of CERT-FI, tel. +358 9 6966 737, +358 50 309 8094
Mr. Kauto Huopio, Senior Information Security Adviser, tel. +358 9 6966 772