Web Hosting News

  Home arrow Web Hosting News arrow Page 4 - Spam and Phishing News Roundup
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

Spam and Phishing News Roundup
By: Terri Wells
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 3

    Table of Contents:
  • Spam and Phishing News Roundup
  • Spammers Get Service Providers
  • EarthLink Gives its Users a Secret Identity
  • Phishing in Strange Waters

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    Spam and Phishing News Roundup - Phishing in Strange Waters

    (Page 4 of 4 )

    Is it possible for the phishers to get clever enough to bypass anti-spam and anti-phishing tools? And how would they do it? In early August of this year, the School of Media, Film and Theatre at the University of NSW found out that the answers were “yes” and “by subverting a trusted site.” The story might not be the most recent news, but it is instructive of what could become a trend and certainly a security risk to guard against.

    UNSW’s central IT services organization discovered an issue with one of its servers, which was then taken offline immediately. The server, which was incidentally a Macintosh, was being used to host a potentially malicious file. The file was disguised as a Microsoft security patch. This file worked in conjunction with spam email sent out the night before the problem was discovered. This spam message was spoofed to appear as if it was coming from Microsoft support.

    As you would expect, recipients of the message were treated to a story about a zero-day vulnerability which they could only avoid by following the link in the email and putting the patch in place within 24 hours. The link appeared to lead to Microsoft’s web site, but instead took the user to the university’s web site and the suspicious file.

    It isn’t just universities that are falling prey to this tactic. WebSense recently discovered that Samsung Telecom’s website was unintentionally playing host to a Trojan horse. The Trojan supposedly only affected users that tried to download anything from the site, but it was particularly evil: it disabled antivirus programs, modified registry keys, and logged keystrokes. The suspicion is that if hackers could do this, they might well have had access to Samsung’s web site code, and could have set it up to put malware on visitors’ computers, even if the visitor did nothing more than look at the site.

    This puts web surfers in a very unhappy position. Tom Chan, enterprises and client services manager for Messagelabs Asia Pacific, explained the situation of a hapless victim: “You have gone to a legitimate web site, you have not made a mistake and done everything right, but then your information gets compromised…because [the phishers] have taken over servers that belong to other people.” It’s yet another indication that we all have to be careful out there. At least these attacks can be shut off more quickly that conventional phishing attacks; once the company whose site is being hijacked finds out about it, they can get rid of the problem.

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.


    - FreedomPop Offering Open Wi-Fi Service
    - Go Daddy Goes to India
    - Netelligent, Savvis Add New Canadian Web Hos...
    - World IPv6 Launch Happens Today
    - IT Teams Struggle to Keep Pace with Malware
    - Lulz Security Hacks CIA, Takes Requests
    - Apple Unveils iCloud
    - Rackspace Introduces Cloud Load Balancers
    - Amazon Offers Cloud Drive, Disses Music Indu...
    - New Android.Pjapps Trojan
    - Copyright Fight over Hurt Locker Downloads I...
    - Data Reveals Many Browsers Remain Unpatched
    - PandaLabs Report - What Happens to Stolen In...
    - Safari Books Online Review
    - Hackers Targeting Human Rights Groups

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap