News
Sass a Phisher, Get Attacked
Identity thieves target users who talk back in bogus log-in forms
By Gregg Keizer, Computerworld
August 27, 2008 — CSO —
Users tired of phishing attacks who retaliate by talking back are being targeted with exploits designed to hijack their computers, a security researcher said today.
In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of a username or password, said Joe Stewart, director of malware research at SecureWorks Inc.
Users who know better than to divulge their online banking username and password in the forms linked from phishing e-mails, but who use words such as "phish" or a wide range of what Stewart called "bad language," are targeted for a follow-up malware attack.
"The phishers are looking for three things," said Stewart. "First, if you don't fill out the form completely, second, if you use the term 'phish.' And three, if you use any kind of bad language."
Although users who backtalk sidestep the identity theft, they may be at risk from the second-round attack, which is launched by a recent version of Neosploit, a well-known multi-exploit attack kit often used by hackers.
Users who have not kept Windows up to date, or applied patches for popular browser plug-ins, such as QuickTime and Flash, will be vulnerable to the Neosploit attacks, Stewart said.
More people than one would blast back at phishers in the log-in screens, Stewart said, noting that when SecureWorks locates data obtained by phishers, it often includes a "fair amount" of profanity and other uncomplimentary comments. "People think, 'While I'm at it, I might as well take some retaliatory action,'" said Stewart.
The Asprox botnet contains at least 50,000 compromised computers, maybe more, Stewart estimated.
"I can't recall seeing an attack quite like this before," he added.
Gartner Video: Best Practices for Web Application Security and Compliance
Faced with the growing threat of hacker attacks, how do you protect your data and your corporate reputation while increasing revenue?
Email Continuity: Don't Know What You've Got Till it's Gone
Today, more email is being sent and attachment sizes are becoming larger. This means that security, archiving, and continuity systems must be able to scale easily. Learn to manage your email better…
- Ironclad Web Conferencing: Who's listening to your online meeting?
- Jump Start Application Security Initiatives with SaaS
- Gartner Video: Best Practices for Web Application Security and Compliance
- Data Breaches: The Cost of Being Unprepared- Thought Leadership Panel Perspectives
- 2009 Data Breach Investigations Report
- Advancing Information Protection with a Built-In Approach
- The Cost-Based Business Case for Data Loss Prevention
- Strategies to Mitigate Information Risk: Data Loss Prevention and Enterprise Rights Management
- Get Sophisticated About Your Web Application Security
- Losing Ground: 2009 TMT Global Security Survey
- Unlock the Power of Device ID to Combat Online Fraud and Abuse
- Every Man's Guide to Combat Threats Within Your Organization
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Digital ID World
-
September 14 - 16, 2009Rio Hotel and CasinoRegister Now »
Las Vegas, Nevada
(ISC)2 members can earn up to 24 CPE Credits!
Reference priority code ONLINE and attend the full conference for the reduced rate of $995!
