[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <418A9F5F.7080308@davewking.com>
From: davefd at davewking.com (Dave King)
Subject: New Phising attack FUD or Real?
There have been several sites that have announced a new phishing attack
that's been found in Brazil that rewrites the hosts file so that when
certain bank urls are entered they get directed to the site in the hosts
file rather than look it up on their DNS server. While I've never seen
such an attack, I've been expecting this to happen eventually (if it
hasn't already happened).
The part of the stories I've read that seem a little strange is that
they say this attack will happen without any type of user interaction
besides opening the email. It seems that the writers are leaving out
the unpatched Outlook, no SP2 and basically assuming that the user is
using either Outlook or Outlook Express. It seems that the machines
I've mentioned would not only have to open the email, but manually run
the script. While I'm not saying this wouldn't ever happen, it's not
what they're saying. To me this is spreading FUD and not responsible
reporting.
Let me know if I'm wrong and other mail clients would be vulnerable to
this attack or if SP2 machines are vulnerable. I also believe it is a
good idea to disable WSH unless you need it (as it's a good idea to
disable anything you don't use).
Here are links to several stories about this new phishing scan.
http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20041104/tc_cmp/51202564
http://story.news.yahoo.com/news?tmpl=story&cid=75&e=3&u=/nf/20041104/tc_nf/28135
http://www.net-security.org/press.php?id=2626
http://www.vnunet.com/news/1159171
http://www.theregister.co.uk/2004/11/04/phishing_exploit/
the only article that seems to says anything about patched users being
protected that I could find was this one:
http://software.silicon.com/security/0,39024655,39125549,00.htm
Dave King
http://www.thesecure.net
Powered by blists - more mailing lists