Slashdot Mirror


No-Click Phishing On The Way

An anonymous reader writes "MessageLabs has discovered a pretty nasty - though fairly crude - phishing scam which doesn't even require recipients to click on a link in order to hand over personal data. Simply opening the email is enough to activate a script which 'lies in wait for its victim' according to one report. The script rewrites the host files of the machine and directs users to a fake web page the next time they legitimately attempt to access an online banking page. ... However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs."

11 of 301 comments

  1. Predictions by Indy Media Watch · · Score: 4, Insightful

    > this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls

    Or in other words, this will probably not affect non-Windows or non-Internet Explorer users.

    Well we could see plenty of comments along those lines coming, but here's a further thought:

    Hey banks: All of your users have plastic cards that you issued. Mandate two-factor authentication already and watch Phishing scams go bye bye.

    --

    Indy Media Watch-Proctologist of the Internet

  2. Took them long enough by marktaw.com · · Score: 4, Insightful

    Overwriting your Hosts file is an obvious way to trick people, and Outlook is a prime target for this kind of hack, because it gives incoming email ridiculous amounts of control over the rest of the computer.

    Remind me to tell my mother to start using Thunderbird and Firefox and install a firewall.

  3. Re: Mozilla Thunderbird! by Frizzle Fry · · Score: 4, Insightful

    > I sincerely hope no one here is using Outlook/Outlook Express.

    Did you read the article? It says "the most recent versions of Outlook, where such features are switched off as standard, will be protected." This has been the same with many recent exploits. They only affect old versions of ms software, but it immediately gets spun here to say that no one should be using the current, safe versions. It's similar to the recent status bar spoofing issue posted here which affected firefox rc1 and opera and pre-sp2 IE, but not sp2 IE, and was of course discussed as being a "hole in IE".
    --
    I'd rather be lucky than good.
  4. Re:What by hoggoth · · Score: 4, Insightful

    > the attacker would have to know the URL you go to for online banking and replace it in your hosts file with a different site. It seems unlikely that it would work on too many people

    Yeah, because it would be too hard to fill a hosts file with the URLs for Citibank, Chase, BankAmerica, and the rest of the top 10 or top 100 banks. Nobody could do that.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  5. Re:What by Lord Kano · · Score: 5, Insightful

    Yes. Don't do your personal banking at work.

    If the company's information gets phished because of inept IT staff, that's not your problem.

    Unless of course, you ARE the IT staff.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  6. Yes, it would. by Ungrounded Lightning · · Score: 4, Insightful

    > would it be so difficult ... to set the file attribute on the hosts file to read only.

    a) Why should Joe Newbie Windowsbuyer be expected to KNOW that he needs to change the permissions on the host file from the install defaults?

    b) If he can do it, he can UNdo it, and so can the bad guy's script.

    c) How many OTHER holes would he have to fix? Thousands? Tens of thousands? (Remember, he only has to miss ONE.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  7. Re:What by CatLord42 · · Score: 3, Insightful

    Right, and if you work at one of these companies and your information gets phished, they'll take care of it for you...

    --
    Meow. Now!
  8. More information please by LesPaul75 · · Score: 4, Insightful

    The last line of defense for a lot of people was checking the actual URL of a link and seeing that it wasn't really "ebay.com" or "citibank.com," and it sounds like this flaw provides a way to defeat even that test. So this is pretty serious, it would seem, which is why it's surprising that the article is so sparse on details. Wouldn't it be good to know:

    1) What e-mail applications are vulnerable (can I get this through web-based mail)?
    2) What can be disabled to prevent this? Scripting? Active-X?
    3) Is a patch on the way?

    That article is pretty crummy.

  9. Re: Mozilla Thunderbird! by Fulcrum of Evil · · Score: 3, Insightful

    > Other people may have different needs or use software in a different environment from you and this moralizing attitude that you can decide for everyone what their software should be able to do is frightening.

    Name one. If you're passing activeX around in email, it could probably be done better some actual way. In the meantime, we all have to deal with the results of malicious activeX email.

    Incidentally, my moralizing attitude is that you shouldn't be dumping benzene upstream of me. Is that also not for me to decide?

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  10. Re:What about the certificate? by Student_Tech · · Score: 3, Insightful

    Except HTTPS uses the name and not the IP, so that if they got a cert that said they were www.somebank.com and the signer was a legitimate signer (or they convinced the user that they needed to accept that it was legit) it wouldn't set off the alarms.

    Plus I'll agree that I doubt many people check the lock (or key or whatever) says it is encrypted. Part of the reason I have my browser set to tell me every time I enter (or leave) an encrypted site.

  11. "Cool new thing called IMAP" by hackerb9 · · Score: 3, Insightful

    > There's this cool new thing called IMAP. Look into it and get with the 90's.


    Uh, that's amusing, but wrong. Pine was the first mail program to use IMAP. Both Pine and IMAP were created at the University of Washington.