Low risk for now, but could be a sign of worse to come...
Published: 3 November 2004 12:28 GMT
A phishing scam has been detected which doesn't even require users to click on a link in order to jeopardise their personal data while banking online. Simply opening the email may be enough.
Although MessageLabs who discovered this new technique, is saying the fairly crude scam is very low risk and not yet seen in Europe, it is a worrying development which users and banks should be aware of.
When the email is opened a script is run which rewrites the host files of targeted machines. The effect of this is the next time they attempt to access legitimate online banking, at one of the targeted banks, the new script, which has been lying in wait for such a moment, redirects the user to a fraudulent website which apes the site their were attempting to legitimately access.
Alex Shipp, senior antivirus technologist at MessageLabs, said: "This script silently modifies the users' machines and creates this vulnerability. The next time the user goes to bank online, that's when it will get them."
So far the company has only intercepted a relatively small number of these new phishing emails in South America where they are targeting three Brazilian banks, but as ever with malicious activity online any success will likely see the scams spread to new territories.
Shipp said this first iteration of such a covert phishing technique will only affect users who have Windows Scripting Host enabled and certain ActiveX controls and he believes the majority of users with up to date patches, or the most recent versions of Outlook, where such features are switched off as standard, will be protected.
But it is the general trend which is causing the most concern.
"Perhaps Brazil was targeted by this first, fairly basic email because the writers knew there were a large number of unpatched PCs there, but the worry is that this could become more advanced," said Shipp, warning that future iterations of such a scam may employ java script or similar means to create such a vulnerability on users' machines.
MessageLabs is currently detecting between 80 and 100 new phishing websites every day.
Where would the responsibility lie for this, with ...
Brian Burkill
Glad to see that at least one bank is stepping up ...
Nick Owen (www.wikidsystems.com)
Perhaps the hosts file system needs to be updated....
Anonymous
Work with clients to scope targeted and specific projects and studies that they may request. Our clients include leading investment banks in Europe ...
Working through large quantities of information you will enrich excel spreadsheets, analyse and interpret DTCC data, and reason through targeted ...
Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy