The Evolution of the Phisher

gurps_npc writes "An article at CNN discusses the how Phishers have moved beyond the typical email scam. Last month, Secunia (Danish security firm) documented a case where a phisher somehow modified a windows host file so that when you type in the correct url in the address, it redirects you to the phisher site. Worms and spyware are being built for the purpose of phishing, and it is also believed that phishers are attempting to compromise domain name servers. If one of these go down millions could lose their security instantly, even if they themselves have maintened the security of their computers."

Certificates changed?

[wdd1040]

And this is when users need to actually read the warnings about certificates being different than the last time accessing the site...

Again, if common-sense is used, 99% of phishing can be stopped.

Re:Certificates changed?

[x.Draino.x]

You fail to realize that the typical user doesn't even know what those certificates are for. The Slashdot crowd is probably safe for the most part, but are your parents?

Re:Certificates changed?

[Jedi+Alec]

common sense? is there such a thing? you know you shouldn't stick your fingers in the nice bright firy thingy because either someone told you stringently not to or you tried it once and got burned. to the majority of webusers out there most of this information is as understandable as a description of the precautions that need to be taken before summoning chtulhu. if someone went out and started changing the signs near highway offramps, and you've never been in the area, will common sense tip you off?

Re:Certificates changed?

You lost me.

Say I usually go to site A to do my banking. And I have a trusted security certificate for that site.

I get infected with one of these phishing worms which alters my host file so that whenever I type out the URL to site A, I get the IP address to site B.

I inadvertly go to site B. Site B doesn't require a security certificate. When would I get a warning about "incorrect" security certificates? As opposed to "expired" or "missing" certificates?

Or better yet, these phishing worms pre-install their security certificate at the same time they hack my hosts file. When would I get a warning? As far as my web browser is concerned, I'm going where I intended to go.

I think your solution solves the wrong problem.

Re:Certificates changed?

[silicon-pyro]

The parents of the slashdot crowd are behind a secure proxy located in the basement. They just call us up and ask us if its ok to procede.

Matthew 4:16-19

Simon called Peter, and Andrew his brother, casting a net into the sea: for they were phishers. And he saith unto them, Follow me, and I will make you phishers of men.

Jesus p0wns you.

Phising on Linux

[stecoop]

Email:

Although I could have written a very complex and well written virus that probably wouldn't work on you operating system I am asking you to reply with you account name, password and any other card numbers you might have.

I further ask that you forward this email message to all your friends and for that matter any one you don't know urging them to send me all your information.

Yours Truly,
Mr Phisher

Evolution of the phish?

[drivinghighway61]

Everyone knows phish evolved into amphibians.

Shouldn't it be....

[GillBates0]

phisherman.

Fishermen fish.
Phishermen phish.

It's not "Fishers fish".

Carrying the analogy further, IE becomes a "phishing net" and Windows becomes a "phishing boat". The intarweb may be viewed as the "ocean" and your average AOLer a dumb "phish". Smarter geeks could be viewed as smarter"dolphins".

Interesting, huh.

DNS? Bah!

[saintp]

it is also believed that phishers are attempting to compromise domain name servers. If one of these go down millions could lose their security instantly, even if they themselves have maintened the security of their computers.

That's why only sissies and noobs use DNS. "Don't have to remember numbers," they cry. "Makes life easier," they whine. Hah! So does Gator! But I've got the upper hand now! My security won't be compromised while posting on 66.35.250.150, bitches.

Re:and this is accomplished how?

[ImaLamer]

I was going to mod you off topic...

But I'll bite - attacks on DNS servers will direct everyone to the wrong site, Windows, Linux, UNIX, and Amiga users.

Sorry.

Cyber terrorism?

[GrouchoMarx]

Here's where our laws are truly screwed up.

On the one hand, downloading music from "unauthorized" sources such as P2P networks will get million dollar fines and, if the companies get their way, jail time, when there is actually no evidence that they are causing a loss of revenue (even if they are technically violating copyright law).

Meanwhile, people who write spyware, break into computers and DELETE data, shut down networks, and attack DNS servers in order to disrupt all traffic on the Net (roughly the online equivalent of putting tacks all over a major expressway junction) get.... what? Really, I have no problem with seeing these people get 20-life hard time.

When will the people who [ run the country | have money | bought Congress ] realize who the real threat to the Internet and to their bottom line is? It's not cheap Britney Spears fans. It's the people trying to break the Internet in order to get better advertising.

Oh wait, I forgot. Advertising is always good, because companies do it, so they can't object when someone tries to advertise. Silly me. Greedy SOBs have to stick together.

Re:and this is accomplished how?

[dioscaido]

Oh, that's right, Windows' nearly non-existent privilege system!

Hmm... lets see.

*runs regedit, tries to modify system registry keys -- ACCESS DENIED*

*runs setup.exe, windows prompts for administrator password, I don't provide it -- ACCESS DENIED*

*try to delete or modify a file on C:\Windows, or C:\Program Files\ -- ACCESS DENIED*

*go into Hardware > Device Manager , tries to change hardware settings -- ACCESS DENIED*

etc...

I dunno... seems to be working pretty well from here.

Don't confuse users choosing to run as root as having a failing privilidge system. Remove your account from the Administrator group and into the User group, and you'll see how extensive the privilidge system is. Conversely, use root as your daily linux account and see how much protection that gives you.

Re:Passwords updated

[lawpoop]

I have to disagree. People evolved to live in small, related, co-operative groups. These days most people live in large hostile cities surrounded by strangers. In order to keep society from breaking down into looting, riots, and revenge killings, the government has to constantly train people from kindergarten to stand in line, sign their name, show their papers, write checks/give their credit card numbers for the bills every month, do what the man in the suit/uniform says.

Now, you have the situation where a hostile stranger poses as a man in the uniform asking joe citizen to do what he's been trained all his life to -- show his papers, give his numbers, sign right here... are you surprised at the results?