Cybercriminals Create 57,000 Fake Sites Each Week
wiredmikey writes "In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands. eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered. Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals. Banks comprise the majority of fake websites by far with 65 percent of the total. Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today."
Yeah but most of them just link to http://www.youtube.com/watch?v=oHg5SJYRHA0
If you prioritize Google and Bing to look at and monitor those new sites, wouldn't it be trivial to search for those company names and alert the ISP to revoke the site?
First.
Now, when they talk about how much information humanity creates every year, don't be so awed: a lot of it is this useless junk.
57,000 sounds like a lot of sites, but when they more than likely all use a few of the same templates it isn't that difficult to accomplish.
I don't use any of the listed services*, I'm not being targeted!
* - Before you ask, yes, except for the IRS. But there's not much I can really do about that one.
It is interesting that 57,000 sites can be created per week at a cost which still allows for a profit. I know that some of these sites are created using phishing kits, but does every one of these 57,000 sites represent an individual effort? TFA doesn't give any details of how such high numbers of fake sites are created, but I would expect that a large number of them are programmatic variations of the same site, hosted on different machines/networks. How many people are actually employed by the phishing con game?
"Please describe the scientific nature of the 'whammy'" - Agent Scully
The IRS pretty much doesn't give a shit - they're pretty blasé about it when contacted.
Like everything with the internet:
ALL spam emails are scams. That's what I tell people when they ask about this shit.
RIP America
July 4, 1776 - September 11, 2001
I'm honestly surprised that battle.net or World of Warcraft didn't make the top 10. Anyone who's been targeted by their phishing mails is probably familiar with domain names like "battle-auth-blizzard.com"
eBay has always been shit for customer service and being targeted like this. The customers never catch a break.
How many other potential sources of news /. submitters are missing.
Assuming a "site" == new domain, that would give us roughly 6%* of the registered domains per week are used for phishing...
Curious what the percentage is for porn sites
* using these statistics.
I know that DNS vulnerabilities are being addressed finally. Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Slow down everyone. No one would argue that ASP.net sites aren't bad, but calling them criminal is a bit much.
"articles" of this nature. When a company hawking a security product releases earth-shattering statistics for hackers and malware it is not research, or an investigation with any independent credibility. This is marketing fearmongering designed to get people to buy the product.
Good people go to bed earlier.
The registrars could do their part to shut down the bogus websites faster - by invalidating the WHOIS records - but they don't. Of course, we all know why they don't; it's because they make money by choosing to not do that. Of course if you read into the existing WHOIS records for the bogus websites you'll find that quite a few of them already have bogus WHOIS data; often the only part that means anything is the DNS referral, which shows quickly whose side the registrars are on.
If our good friends at ICANN actually gave half a shit about the problem they would crack down on complacent registrars, but that isn't very profitable for them, either.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
As long as stupid or ignorant people exist, social hacks will work.
>Wouldn't a good next step be to eliminate domain registrars that allow these sorts of sites to get created in the first place?
I agree whole-heartedly that something should be done about the crooked and complacent registrars. The problem is, who should take the action? The most logical step is ICANN, since they handle registrar accreditation, except they have shown repeatedly that they will not take any meaningful steps. And of course, ICANN only does accreditation for registrars of the largest TLDs (for now), so anything from another country's list of TLDs is beyond their jurisdiction (and soon pretty much everything will be beyond their jurisdiction).
So if ICANN won't do it, who then should? It is pretty well impossible to take legal action against the registrars and expect anything meaningful to come of that, so unless you want to advocate vigilante justice you're just SOL.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I always think of the recollections in Levy's "Hackers" when the early days' programmers at Berkeley and MIT would insist security was only for fascists and even balked at passwords for accounts. Computer security will probably never catch up because it was never a focus at the start. What's always among the first things now when making a new software package but how to segment permissions, etc, but that's always on a system whose underlying base has security issues. Sigh, dang hippies!
The thing with social hacks, and a lot of things that script kiddies/hackers/maladjusted people do is... well, the "hackers" think of themselves as great for accomplishing this great feat of breaking into someone's property or outwitting them. It's like a kid jumping over a picket fence into someone's garden, and making a big deal because they broke through the guy's defenses. What they don't realise is that the guy with the picket fence has better things to do than mess up his front yard building impenetrable defenses, just to protect against the slight chance that you might mess up their grass. The average person just doesn't care about security, the way IT pros do. And in most cases, that's a fairly sane way to prioritise. This is only a problem in two ways:
* banks, e-commerce, and a few other kinds of site with sensitive data have a responsibility to protect confidential information. In this case, the site operators need to step up their game, but they usually know that.
* insignificant servers can be used to launch attacks on sites/systems that matter. But that's more of a problem for IT pros, not the insignificant sites.
I receive at least one email a month from someone posing as my ISP. They'll spoof the name like supportcomcast.net instead of comcast.net and attempt to solicit information. They can get pretty elaborate. The last one actually had a guy hiding behind the chat program pretending to be support. He needed information due to an audit of my email account. I was bored and kept him on the thing for about 30 minutes laughing at him.
"I guess I'm gonna fade into Bolivian."
>with eBay taking the spot as the No. 1 most targeted brand on the Web today
That's why I will never use eBay again, as I have kijiji right now...
It's a piece of ...uh... Steak to do this. The scanner has to have an "invalid #" error code. Then the employee just presses three buttons on the sound system.
As usual, this won't happen for a few years for "social" reasons - until some really snarky hip young-person's bistro in NYC does it.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
In looking for more work (land surveying projects in GA have diminished dramatically), I chose Craigslist as one source for job hunting. I saw an ad for a company I've never heard of, so I used the middle-click feature of NoScript. Sure enough, the WOT scorecard, McAfee Site Advisor rating, wmtips info and google safe browsing diagnostic turned up zero information about the (non-existent) company. The subjective and amorphous language on their page pretty much gave it away, but it never hurts to check.
Now that we've got .co domains ... to go right alongside .com domains, I'm sure that taking advantage of the missing 'm' is going to be the most common practice in the world. .co was a fucking retarded idea.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
"Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals." Please, please, for the love of god, grammar check your submissions. I am a proud grammar nazi because it really hurts my brain when I have to read a summary that contains a sentence that is missing a verb. How does this even get posted like this? Something is wrong here.
If you want someone to monitor websites, go to 4Chan.
Besides, search-engines are Moochers just like their end-users: they both steal content and will be shut-down eventually like MySpace and Friendster as soon as another drug replaces the middle-man like Chat over CBRadio.
Home Boyz and Fly Girlz, homo domesticus tis clearing out your ya Bank accounts... I have 100 trillion billion dollars printed freely by the IMF and if you help me me plz, you too can buy arms, become rich and siphen off international aid funds, corrupt governments. drink oil, eat diamonds. Well you get the idea "Fools Gold".
All cows eat grass!
1. Currently most DNS records have Time to Live of a few days to a week. I would expect that servers of secure sites would want much longer times than this. Clients then know that certain servers are to be connected at specific addresses, and bring up an alarm when the last IP of record for server.foobank.com has changed.
2. I'm always suspicious when any web site makes reference to a server outside of its own domain. Is this not also a place that responsible secure servers could take a step? Couple this with browsers that recognize this step. (Perhaps special content on the web page, or an added HINFO record in DNS.) Thus the people in charge of foobank.com can take steps that in the long run will make them harder to spoof.
3. As criminal domains are found, their registrar gets a black mark. When your computer's DNS lookup goes and gets an address, it also checks who the registrar is. (can do that in background) and records that info locally. Your browser in turn can be programmed to warn/block domains that have greater than a certain black mark fraction. Of course it would be more efficient if this were done at a larger scale.
4. Registrars have to pay a fine if a domain registered with them is discovered to be engaged in criminal activity?
5. One of the DNS requests that is sent when you encounter a new domain name is a recursive one finding out when the domain was originally registered. (Not speaking of individual hosts, the domain) If foobank.com has been around for 50 years, but the domain is only 7 days old, I'm going to be suspicious. Indeed. Email servers could easily opt to not accept email, or alternately flag email when it came from a domain less than X days old. This in turn could mean that a young domain is scanned more closely for fraud & spam indicators.
Some of these won't work as done. Surely however this can be fixed.
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
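The checks proposed in points 1, 3 and 5 of the comment above (alarm on a changed IP of record, registrar black-mark fraction, domain age) can be combined into one lookup-time assessment; this is an added example, not code from the thread. The host names, registrars, counts, addresses and both thresholds are constructed assumptions, and the registration date and registrar are passed in as inputs rather than looked up.

```python
from datetime import date

# Constructed sample data: registrar -> (domains seen, domains later found criminal)
REGISTRAR_STATS = {
    "ExampleRegistrar-A": (2000, 12),
    "ExampleRegistrar-B": (400, 120),
}
# Constructed "last IP of record" table for hosts the client has pinned (point 1)
PINNED_IPS = {"server.foobank.com": "192.0.2.10"}


def assess(host, resolved_ip, registered_on, registrar, today,
           min_age_days=30, max_bad_fraction=0.10):
    """Return the list of heuristics from the comment that this lookup trips.

    min_age_days and max_bad_fraction are illustrative cut-offs (assumptions).
    """
    flags = []

    # Point 5: a domain registered only days ago is treated as suspicious.
    age = (today - registered_on).days
    if age < min_age_days:
        flags.append(f"young-domain:{age}d")

    # Point 3: fraction of this registrar's domains that earned a black mark.
    seen, bad = REGISTRAR_STATS.get(registrar, (0, 0))
    if seen == 0:
        flags.append("registrar-unknown")
    elif bad / seen > max_bad_fraction:
        flags.append(f"registrar-black-marks:{bad / seen:.0%}")

    # Point 1: alarm when a pinned host resolves to a different address.
    pinned = PINNED_IPS.get(host.lower())
    if pinned is not None and pinned != resolved_ip:
        flags.append("ip-changed")

    return flags


if __name__ == "__main__":
    today = date(2010, 9, 8)
    print(assess("login.foobank-secure.example", "198.51.100.7",
                 date(2010, 9, 1), "ExampleRegistrar-B", today))
    print(assess("server.foobank.com", "203.0.113.5",
                 date(1995, 1, 1), "ExampleRegistrar-A", today))
```
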