Posted by Laureli Mallek
Wed, 04 Jun 2008 15:44:00 GMT
Targeted spear phishing campaigns are using money to lure victims. Brian Krebs blogged this week about a two-part spear-phishing attack targeting small and medium-sized businesses. The attack focuses on gaining access by circumventing the two-part authentication used in banking security.
The scam begins with an email containing specific information about the user, their business, and the bank. This email requests that users click to view or download an attached object, which installs a keylogger, according to iDefense, and a browser helper object enabling attackers to modify webpages in real time. When a user with an infected computer attempts to log into their bank account, Krebs writes that a “message is inserted into the body of the bank’s actual Web page.” The interstitial message appears to originate from the bank since it is displayed within the body of the bank’s website, and requests that the user wait 15-30 minutes before logging on. The attackers use this time, after they have intercepted the user’s authentication information, to empty the associated bank accounts.
Quoting Matt Richard, of iDefense, “If a bad guy has malicious code on a customer’s machine, no matter what you do, he’s going to have some way to get in to the customer’s account. The best you’ll be able to do is try to stop the money transfers.”
As something of a coup de grace, Krebs writes “Before the Trojan download, the attacker attempts to get the user to install their bogus root CA certificate with the ‘VeriSign Trust Network’ name.” Combining malware with a new root certificate makes it easier for the attacker to re-infect a computer in the future. Sunbelt has also spotted fake banking certificates in their blog.
In a similar attack noted by McAfee’s Avert Labs last month, a number of spear phishing emails have been playing on a ubiquitous fear: the Tax Court. So many of these emails spoofing petition requests have been received that the US Tax Court website provides a clear warning that “[t]he Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court.”
Kevin McGhee writes, “The scammers do their homework when it comes to spear phishing. Instead of pumping out millions of emails to anybody and everybody, spear phishers send out their scams only to people they know will be susceptible to the scam. In this case a top executive–rather than the average employee–is much more likely to be involved in a court case of this nature.”
Posted in all | Tags badware, irs, keylogger, phishing, security
Posted by Laureli Mallek
Fri, 30 May 2008 18:58:00 GMT
Alex Eckelberry at Sunbelt noted a nifty phishing development: embedded forms. Phishers are spoofing forms from reputable sources (think PayPal, large banks, etc.). Considering the advances in phishing, such as correlating name, position, and email addresses for high-level corporate interests, these emails may look very convincing in the future.
There is some irony in the content of this phishing message, which warns users that their accounts may have been hijacked by a third party – aside from the tense, the sentence is honest. Eckelberry writes: “This makes things easier: No phishing site to have to maintain. No browser-based phishing filters to worry about.” And a bit more of a pain for users.
Remember to be skeptical in cases when “service providers” diverge from normal protocols. Checking with the service provider (though not by clicking on links contained in the email) can help you avoid phishing pitfalls.
Posted in all | Tags email, phishing
Posted by Maxim Weinstein
Fri, 23 May 2008 14:42:00 GMT
Allysa Myers at McAfee blogged about this FBI press release announcing criminal charges against 38 alleged baddies from the U.S. and overseas.
According to the indictment, the Romania-based members of the enterprise obtained thousands of credit and debit card accounts and related personal information by phishing, with more than 1.3 million spam emails sent in one phishing attack. Once directed to a bogus site, victims were then prompted at those sites to enter access device and personal information. The Romanian “suppliers” collected the victims’ information and sent the data to U.S.-based “cashiers” via Internet “chat” messages. The domestic cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards, and similar cards such as hotel keys. Cashiers then directed “runners” to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs. The cards that were successfully tested, known as “cashable” cards, were used to withdraw money from ATMs or point of sale terminals that the cashiers had determined permitted the highest withdrawal limits. A portion of the proceeds was then wire transferred to the supplier who had provided the access device information.
It’s great to see that the Romanian and U.S. authorities were able to successfully work together to bring down what sounds like a pretty serious criminal enterprise.
Posted in all | Tags cybercrime, government, phishing, stopbadware
Posted by Laureli Mallek
Thu, 24 Apr 2008 17:10:00 GMT
Earlier this week, RSA issued a warning that Rock Phish has updated their attack methods. Dark Reading writes:
“Rock Phish attacks are estimated to account for more than 50% of phishing attacks world-wide and to be responsible for the theft of tens of millions of dollars from users bank accounts.”
The new Rock Phish attack combines phishing with a potent Trojan. When users navigate to the phishing site, Zeus, the Trojan, installs automatically onto their computers, compromising personal information revealed through future internet use, and allowing the computer to be externally controlled, according to ITNewsAustralia. Uriel Maimon, an RSA representative, opined: “The Zeus Trojan has many startling capabilities… As I look on this blissful union of fraud and crime technologies, I can only envy the criminals who can find such coupling.” This type of potent cooperation is becoming increasingly common within badware production.
Despite longevity (they have been suspected of operating since 2004) and level of activity, Rock Phish has managed to remain hidden, inspiring disagreements as to whether it is a group, an individual, or even how the term should be applied. Rock Phish has been known for innovative phishing capabilities including unique URL generation to circumvent blacklist restrictions.
This new level of interaction will no doubt be as problematic as it is interesting.
Tags phishing, security, stopbadware, trojan
Posted by Maxim Weinstein
Fri, 04 Apr 2008 15:21:00 GMT
The folks at Carnegie Mellon University have put together a fun and informative game to learn about how to avoid phishing attacks: Anti-Phishing Phil.
Posted in all | Tags phishing, stopbadware
Posted by Maxim Weinstein
Fri, 04 Apr 2008 15:08:00 GMT
The U.S. Federal Trade Commission (FTC) has a quite good educational site, OnGuard Online, with online and print materials for educating consumers about malware, phishing, identity theft, and other online hazards.
They also just released a few entertaining videos that promote the site while explaining the concept of phishing.
Posted in all | Tags government, phishing, stopbadware
Posted by Maxim Weinstein
Thu, 13 Dec 2007 14:35:00 GMT
In many parts of the world, the holiday season is a time of joy and happiness. Sadly, though, many criminals and cranks take advantage of the season’s spirit to prey on unsuspecting internet users.
Last year, we posted about Santa’s own website being hacked shortly before Christmas. According to ZNet Asia, security vendor Trend Micro has warned of “a rise in malware, phishing Web sites and virus-infected e-cards attached to e-mail messages” during the holidays.
So, when shopping online from your PC (that, naturally, has all the latest OS and security software updates installed), be sure to use extra caution in the sites you visit, the links you click on, and the attachments you open.
Posted in all | Tags holidays, malware, phishing, stopbadware