Low risk for now, but could be a sign of worse to come...
Published: 3 November 2004 12:28 GMT
A phishing scam has been detected which doesn't even require users to click on a link in order to jeopardise their personal data while banking online. Simply opening the email may be enough.
Although MessageLabs who discovered this new technique, is saying the fairly crude scam is very low risk and not yet seen in Europe, it is a worrying development which users and banks should be aware of.
When the email is opened a script is run which rewrites the host files of targeted machines. The effect of this is the next time they attempt to access legitimate online banking, at one of the targeted banks, the new script, which has been lying in wait for such a moment, redirects the user to a fraudulent website which apes the site their were attempting to legitimately access.
Alex Shipp, senior antivirus technologist at MessageLabs, said: "This script silently modifies the users' machines and creates this vulnerability. The next time the user goes to bank online, that's when it will get them."
So far the company has only intercepted a relatively small number of these new phishing emails in South America where they are targeting three Brazilian banks, but as ever with malicious activity online any success will likely see the scams spread to new territories.
Shipp said this first iteration of such a covert phishing technique will only affect users who have Windows Scripting Host enabled and certain ActiveX controls and he believes the majority of users with up to date patches, or the most recent versions of Outlook, where such features are switched off as standard, will be protected.
But it is the general trend which is causing the most concern.
"Perhaps Brazil was targeted by this first, fairly basic email because the writers knew there were a large number of unpatched PCs there, but the worry is that this could become more advanced," said Shipp, warning that future iterations of such a scam may employ java script or similar means to create such a vulnerability on users' machines.
MessageLabs is currently detecting between 80 and 100 new phishing websites every day.
Where would the responsibility lie for this, with ...
Brian Burkill
Glad to see that at least one bank is stepping up ...
Nick Owen (www.wikidsystems.com)
Perhaps the hosts file system needs to be updated....
Anonymous
Relevant Skills Required * Expert level knowledge in one of C# / Wintell platform * Knowledge of FX business / financing background * Knowledge of ...
Building and maintaining a cartography of the market data usage of Market data applications Core Competencies: • Market Data Commercial ...
Performing vulnerability scans against both network and server devices Our clients include 7 of North America's top 10 financial institutions, 9 of ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...
Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech