Slashdot Mirror


No-Click Phishing On The Way

An anonymous reader writes "MessageLabs has discovered a pretty nasty - though fairly crude - phishing scam which doesn't even require recipients to click on a link in order to hand over personal data. Simply opening the email is enough to activate a script which 'lies in wait for its victim' according to one report. The script rewrites the host files of the machine and directs users to a fake web page the next time they legitimately attempt to access an online banking page. ... However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs."
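The hosts-file rewrite described in the summary can be checked for from the defender's side. This is an added example, not part of the original story or thread: it audits hosts-file text for entries that override DNS for watched domains. The watched domain names and the sample file are constructed placeholders.

```python
import ipaddress

# Assumption: domains whose resolution should never be overridden locally
# (constructed placeholders, not taken from the story).
WATCHED = {"bank.example", "login.bank.example"}

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        for name in fields[1:]:                   # one line may map many names
            yield lineno, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True for a watched domain or any subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (lineno, ip, hostname, kind) for each watched-domain override.

    kind is "sinkhole" for loopback/unspecified targets (the name is blocked)
    and "redirect" for any other address (traffic is sent elsewhere).
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((lineno, str(ip), name,
                             "sinkhole" if blocked else "redirect"))
    return findings

# Constructed sample; real input would be /etc/hosts or
# %SystemRoot%\System32\drivers\etc\hosts read as text.
SAMPLE = """\
# constructed sample
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.example            # ad sinkhole
203.0.113.7  www.bank.example BANK.EXAMPLE.   # override
198.51.100.9 intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```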

10 of 301 comments

  1. What by Pingular · · Score: 5, Interesting

    are people that are, for example, at work, and can't turn off Windows Scripting Host and certain ActiveX controls? Not open emails? Surely there should be a solution to this.

    --

    When anger rises, think of the consequences.
    Confucius (551 BC - 479 BC)
    1. Re:What by Lord+Kano · · Score: 5, Insightful

      Yes. Don't do your personal banking at work.

      If the company's information gets phished because of inept IT staff, that's not your problem.

      Unless of course, you ARE the IT staff.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  2. you've been served by bathmann · · Score: 5, Funny

    No-click phishing? That's infringing on Amazon's one-click patent!

  3. So that's the reason by Anonymous Coward · · Score: 5, Funny

    The virus apparently also redirects visitors of AOL Support Forums to Ask Slashdot, which explains the recent postings.

  4. same thing works on linux by Anonymous Coward · · Score: 5, Funny

    but you have to manually make the suggested changes to your /etc/hosts file after getting root access and using your editor of choice.

    not quite "no-click", but linux does support this feature.

    [/humor]

  5. God bless Microsoft by Anonymous Coward · · Score: 5, Funny

    For making products so easy to use that even someone you don't know can use them for you.

  6. And here I was going to switch to Windows... by RealAlaskan · · Score: 5, Funny

    However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs."

    Well, I was going to switch over from Linux to Windows, because I heard Bill Gates said that ``security is our top priority'', but now I think he must have been misquoted. Maybe I'll stick with Linux just a little longer, until Windows gets those last few little bugs ironed out.

    1. Re:And here I was going to switch to Windows... by ConceptJunkie · · Score: 5, Funny

      I heard Bill Gates said that ``security is our top priority'', but now I think he must have been misquoted.

      No, the quote is correct, it's just taken out of context:

      "[Our financial] security is our top priority".

      --
      You are in a maze of twisty little passages, all alike.
  7. Innovation by pete-classic · · Score: 5, Funny

    Will the innovation never end?

    -Peter

  8. WHost and XP are integrated like IE and XP. by Sheepdot · · Score: 5, Informative

    However, this will only affect users who have Windows Scripting Host enabled and certain ActiveX controls, according to MessageLabs.

    That's like saying, "this will only affect users who have not yet switched to Linux or MacOS."

    I would say that a good 98% of installations have WSHost enabled. Those that are SP2 or up to date might have the latest MS patch that I believe sets a kill bit on the Internet Explorer side of WSHost scripting under all circumstances.

    This is also not really anything new. Spy and adware companies have been manipulating hosts files now for at least a year; no doubt phishers have done exactly the same thing. This is just the first reported time of it happening.

    One thing you have to keep in mind is that several so-called security experts are very bright individuals but succumb to what some call media-whoring. This is a specific instance of "media-whoring" by Message Labs. Let me explain my proof of this: they use ASP and IIS as opposed to something like PHP and Apache.

    They are obviously not very concerned about legitimate security. There's a website that keeps track of the media fanatics: http://www.vmyths.com/

    The site is run by a guy who has over a decade of solid security experience. He knows when there is something legit to worry about, and he knows when something is hype.

    I suppose the best way to know is years and years of experience. If you read a lot of the security mailing lists, you'd be under the impression that the world was about to revert back to the stone age with the security threats.

    But the reality is, a huge amount of idiots exist that love to overhype the security risks when it comes to viruses and worms like "I Love You" and "Sasser". Most of us know when there is going to be a big problem, but there are a huge number of others that like to spread false info.

    There are others, like Mikko Hypponen of F-Secure that don't sell media hype, they sensationalize the truth. Yes, there have been instances of zombie-net owners selling their networks to spammers, but I have yet to actually see the sales, and I've been running a honeypot for well over a year now and track nearly a dozen different botnet herders.

    For the most part, it looks like botnetting is still used for two things: Americans (North and South America) for File Sharing/FXPing, and Germans for DDoSing. The Russians who have been spamming have been using IE exploits and web controls, not so much IRC connections. Thus, they cannot be truly considered "botnets".