Slashdot Mirror


No-Click Phishing On The Way

An anonymous reader writes "MessageLabs has discovered a pretty nasty - though fairly crude - phishing scam which doesn't even require recipients to click on a link in order to hand over personal data. Simply opening the email is enough to activate a script which 'lies in wait for its victim' according to one report. The script rewrites the host files of the machine and directs users to a fake web page the next time they legitimately attempt to access an online banking page. ... However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs."

8 of 301 comments

  1. What by Pingular · · Score: 5, Interesting

    are people that are, for example, at work, and can't turn off Windows Scripting Host and certain ActiveX controls? Not open emails? Surely there should be a solution to this.

    --

    When anger rises, think of the consequences.
    Confucius (551 BC - 479 BC)
  2. Makes me glad I use pine by Colonel+Panic · · Score: 4, Interesting

    I ssh into my ISP and use pine to read email. Been doing it this way for over 10 years. Some people find this a bit quaint, but I don't have to worry about any worm/virus/phishing issues.

  3. Well... by northcat · · Score: 3, Interesting

    This is what happens when applications try to do more than what they are supposed to do. An email client is just supposed to read and send messages. All "dynamicness" and interactivity must be left to the appropriate programs. And this is exactly where *NIXes excel. You can't do a scripting exploit in 'mail' - Why? Because you can't do scripting. Let the current do-everything software industry led by Microsoft be a lesson to all programmers. Let's keep our programs simple. Let's continue the UNIX philosophy of one program for one task.

  4. Re:Simple solution...don't use HTML mail by Neil+Watson · · Score: 4, Interesting

    Very true. Just recently I discovered that a business partner (telecom industry) has begun rejecting HTML email. I wonder if that policy will survive?

  5. Re:A possible solution? by Anonymous Coward · · Score: 1, Interesting

    re: is there a way to lock down the hosts file
    No. Marking the file read-only is useless because it is trivial for a program to mark it writable given the prevalence of Admin users.

    Best you can do is be notified when it changes.

    There is a free program called WinPatrol that will notify you with a popup dialog if the hosts file has been changed. Drawback: it polls once every 3 minutes by default.

    I recently wrote a program that notifies me when the hosts file has been saved. The interrupt model is much better.

    The algorithm is roughly:
    . Startup
    . Read hosts file into VM
    . hook into Windows file system notification system
    . loop forever
    . when notified of change, compare the VM copy against the HD file.
    . endloop

    I think the computing world would be a better place if everyone wrote their own spyware utilities because then the crapware vendors would have no obvious targets (e.g. look for and disable SpyBot or AdAware, CWShredder, etc.)

    --Bruce
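
    Added example (not part of the comment above, and not the commenter's program): the compare step of the algorithm sketched in comment 5, in Python. It parses both copies so that comment or whitespace edits are ignored and only changed name-to-address mappings are reported; the platform's file-change notification is assumed to call `on_change()`. The names `parse_hosts`, `diff_hosts`, `HostsMonitor` and the sample data are constructed for illustration.

```python
def parse_hosts(text):
    """Return {hostname: address} from hosts-file text, skipping comments."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        address, names = fields[0], fields[1:]
        for name in names:
            # Assumption for this example: keep the first mapping listed.
            entries.setdefault(name.lower(), address)
    return entries


def diff_hosts(baseline_text, current_text):
    """Return [(kind, hostname, old_address, new_address)] sorted by name."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        kind = "added" if before is None else "removed" if after is None else "changed"
        changes.append((kind, name, before, after))
    return changes


class HostsMonitor:
    """Keeps the in-memory copy; on_change() is what the notification calls."""

    def __init__(self, path):
        self.path = path
        self.baseline = self._read()

    def _read(self):
        with open(self.path, encoding="utf-8", errors="replace") as fh:
            return fh.read()

    def on_change(self):
        # Baseline is deliberately not updated: a tampered file keeps
        # alerting until an operator restores it or restarts the monitor.
        return diff_hosts(self.baseline, self._read())


# Constructed sample data (documentation address range, .test names).
BASELINE = "# constructed sample\n127.0.0.1 localhost\n"
TAMPERED = BASELINE + "203.0.113.10 www.examplebank.test examplebank.test\n"

if __name__ == "__main__":
    for change in diff_hosts(BASELINE, TAMPERED):
        print(change)
```

    An empty list from `on_change()` means the file was saved without any mapping changing, so no alert is needed.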

  6. Reminds me of Autoexec.bat attacks by siastbill1 · · Score: 2, Interesting

    When I was younger, I used to write little batch files that would mess up my friends' autoexec.bat file. I would give them a game on a disk, and then tell them to play the game they had to type go (go.bat). The batch file would then backup their autoexec.bat file and replace it with my tampered version. Then when they rebooted their computer, blammo.

    I would have it execute gwbasic programs that would continuously loop "your computer is screwed", or that would just bleep out sounds from the PC speaker. I even wrote a program that would pretend to format your floppy drive (a continuous loop that constantly tried to load a file from A:>)

    People were so clueless they actually thought they had a virus. After people started using 2000 and XP I kinda figured that this sort of simple fake hack was over, but then I forgot about the hosts file. I think I'm gonna change my grandma's computer so that google.ca resolves to playboy.com :)

    Another simple fake hack is to erase the boot.ini file. It makes your uncle think his hard drive is mangled.

    Ah windows, it's the one constant I can always rely on.

  7. Re:Two factor is an illusion for these users by LiquidCoooled · · Score: 2, Interesting

    To get onto my internet banking, I have a custom (selected by myself) security code, this is separate and distinct from my PIN number (it's also longer).

    When I log into my bank, I give my Account number, some other personal info, and then a randomly chosen selection of numbers from my security code (something like tell us the first, third, and seventh digits).

    I can only set up this number by speaking directly to the bank, and since it's never asked for in full, I would need to be fooled multiple times before anybody could access my account.

    My bank (HSBC in England) are very security conscious, and responded extremely rapidly to a security concern I had when setting up my banking (I mentioned a possible security loophole to the assistant who passed it back to the head office who took me seriously and followed it through to resolution).

    --
    liqbase :: faster than paper
  8. Not a problem by RzUpAnmsCwrds · · Score: 2, Interesting

    Recent versions of Outlook (2000 SP1 and beyond) and Outlook Express (IE SP1 and beyond) display emails in the restricted sites zone. Neither ActiveX nor Javascript are allowed to execute in the restricted sites zone.

    This also doesn't affect anyone using SP2 either.

    Move along, another already patched Microsoft vulnerability.