Spam and Phishing News Roundup - Phishing in Strange Waters
Is it possible for the phishers to get clever enough to bypass anti-spam and anti-phishing tools? And how would they do it? In early August of this year, the School of Media, Film and Theatre at the University of NSW found out that the answers were “yes” and “by subverting a trusted site.” The story might not be the most recent news, but it is instructive of what could become a trend and certainly a security risk to guard against.
UNSW’s central IT services organization discovered an issue with one of its servers, which was then taken offline immediately. The server, which was incidentally a Macintosh, was being used to host a potentially malicious file. The file was disguised as a Microsoft security patch. This file worked in conjunction with spam email sent out the night before the problem was discovered. This spam message was spoofed to appear as if it was coming from Microsoft support.
As you would expect, recipients of the message were treated to a story about a zero-day vulnerability which they could only avoid by following the link in the email and putting the patch in place within 24 hours. The link appeared to lead to Microsoft’s web site, but instead took the user to the university’s web site and the suspicious file.
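One defender-side check the lure above invites, added here as an example (it is not code from the article or from any organization named in it): flag anchors in an HTML mail body whose visible text names one host while the href actually points somewhere else. The hostnames in the constructed sample are placeholders, not the real servers involved.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# A hostname-looking token inside the clickable text, e.g. "www.microsoft.com/security"
SHOWN_HOST_RE = re.compile(r"(?:https?://)?((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")

def _norm(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def mismatched_links(html):
    """Return (shown_host, real_host, href) for every anchor whose visible text
    names one host while its href points at a different host or parent domain."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        match = SHOWN_HOST_RE.search(text)
        if not match:
            continue  # visible text claims no host, so there is nothing to compare
        shown = _norm(match.group(1))
        real = _norm(urlparse(href).hostname or "")
        if real != shown and not real.endswith("." + shown):
            flagged.append((shown, real, href))
    return flagged

# Constructed sample modelled on the lure described above; hostnames are placeholders
SAMPLE_BODY = """<p>A zero-day vulnerability requires this patch within 24 hours:</p>
<a href="http://media-server.example-university.edu/files/patch.exe">http://www.microsoft.com/security/patch</a>
<p>Details: <a href="https://support.microsoft.com/kb/placeholder">support.microsoft.com</a></p>"""
```

Running `mismatched_links(SAMPLE_BODY)` flags only the first anchor, whose text claims microsoft.com but whose href lands on the placeholder university host; the second anchor's text and href agree and is left alone.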
It isn’t just universities that are falling prey to this tactic. WebSense recently discovered that Samsung Telecom’s website was unintentionally playing host to a Trojan horse. The Trojan supposedly only affected users that tried to download anything from the site, but it was particularly evil: it disabled antivirus programs, modified registry keys, and logged keystrokes. The suspicion is that if hackers could do this, they might well have had access to Samsung’s web site code, and could have set it up to put malware on visitors’ computers, even if the visitor did nothing more than look at the site.
This puts web surfers in a very unhappy position. Tom Chan, enterprises and client services manager for Messagelabs Asia Pacific, explained the situation of a hapless victim: “You have gone to a legitimate web site, you have not made a mistake and done everything right, but then your information gets compromised…because [the phishers] have taken over servers that belong to other people.” It’s yet another indication that we all have to be careful out there. At least these attacks can be shut off more quickly than conventional phishing attacks; once the company whose site is being hijacked finds out about it, they can get rid of the problem.