Slashdot Mirror

← Back to Stories (view on slashdot.org)

No-Click Phishing On The Way

Posted by timothy on from the sorry-windows-only dept.

An anonymous reader writes "MessageLabs has discovered a pretty nasty - though fairly crude - phishing scam which doesn't even require recipients to click on a link in order to hand over personal data. Simply opening the email is enough to activate a script which 'lies in wait for its victim' according to one report. The script rewrites the host files of the machine and directs users to a fake web page the next time they legitimately attempt to access an online banking page. ... However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs."

18 of 301 comments (clear)

  1. Pegasus Mail! by rearl · · Score: 2, Funny

    ...doesn't execute HTML or scripts. Use it, be safe!

  2. you've been served by bathmann · · Score: 5, Funny

    No-click phising? That's infringing on Amazon's one-click patent!

  3. So that's the reason by Anonymous Coward · · Score: 5, Funny

    The virus apparently also redirects visitors of AOL Support Forums to Ask Slashdot, which explains the recent postings.

  4. same thing works on linux by Anonymous Coward · · Score: 5, Funny

    but you have to manual make the suggested changes to your /etc/hosts file after getting root access and using your editor of choice.

    not quite "no-click", but linux does support this feature.

    [/humor]

  5. thats why by Anonymous Coward · · Score: 2, Funny

    that's why I never keep any personal info on a computer. in fact I have outlook filled with entirely made up crap. names like 'hootie McBoob' and such

  6. God bless Microsoft by Anonymous Coward · · Score: 5, Funny

    For making products so easy to use that even someone you don't know can use them for you.

  7. And here I was going to switch to Windows... by RealAlaskan · · Score: 5, Funny
    However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs."

    Well, I was going to switch over from Linux to Windows, because I heard Bill Gates said that ``security is our top priority'', but now I think he must have been misquoted. Maybe I'll stick with Linux just a little longer, until Windows gets those last few little bugs ironed out.

    --
    See what I've been reading.
    1. Re:And here I was going to switch to Windows... by ConceptJunkie · · Score: 5, Funny

      I heard Bill Gates said that ``security is our top priority'', but now I think he must have been misquoted.

      No, the quote is correct, it's just taken out of context:

      "[Our financial] security is our top priority".

      --
      You are in a maze of twisty little passages, all alike.
  8. Re:definition by Anonymous Coward · · Score: 3, Funny

    for those who don't know what phishing is

    Slashdot - news for n00bs, stuff that confuses

  9. Re:Law enforcement? by aurb · · Score: 2, Funny

    Are you saying they should start arresting Microsoft programmers?

  10. News Flash! by RAMMS+EIN · · Score: 3, Funny

    ActiveX is insecure!
    WSH is insecure!
    Windows is insecure!
    HTML mail can be used to exploit security flaws in user agents!

    Film at 11!

    --
    Please correct me if I got my facts wrong.
  11. Innovation by pete-classic · · Score: 5, Funny

    Will the innovation never end?

    -Peter

  12. Re:Makes me glad I use pine by slash-tard · · Score: 4, Funny

    I just use pop3 and smtp commands inside a telnet window(ex: telnet mailserver 25 or 110). I consider this the safest. I dont know what pine is doing behind the scenes.

  13. Re:Took them long enough by mfifer · · Score: 2, Funny

    Remind me to tell my mother to start using Thunderbird and Firefox and install a firewall.

    Sure. What was her email and IP address?

    ;-)

  14. Re:Took them long enough by Odin's+Raven · · Score: 2, Funny
    Remind me to tell my mother to start using Thunderbird and Firefox and install a firewall.

    Sure, no problem. But could you ask her to hold off on the upgrades until after I've finished sending out this last batch of bulk mail that I've got queued up on her box? Quid pro quo and all that. Thanks.

    --
    A marriage is always made up of two people who are prepared to swear that only the other one snores.
  15. Re:Well... by merphle · · Score: 4, Funny
    Let's keep our programs simple. Let's continue the UNIX philosophy of one program for one task.
    *coughemacscough*
  16. Zzzzzzzzz by m.h.2 · · Score: 2, Funny

    *yawn*

  17. Patented by punkkid · · Score: 3, Funny

    Didn't Amazon patent no-click phishing? Oh wait, that was 1-click phishing. Sorry!