Open Source and information security mailing list archives
 
Message-ID: <E1CPppb-000DPE-00.phased-mail-ru@f21.mail.ru>
From: phased at mail.ru (phased)
Subject: New Phising attack FUD or Real?

Certainly modifying the hosts file is not a new idea; there are botnet-style worms
that do this for AV and so forth, and there are specific modified bots that
target certain bank site hostnames.  They are often not used on that large a
scale so don't often get noticed, and the majority are self-cleaning after the
job has been done.

The media often overhypes these things and talks shit, such as this: http://in.tech.yahoo.com/041103/137/2ho4i.html

"LONDON (Reuters) - A file-sharing program called BitTorrent has become a behemoth, devouring more than a third of the Internet's bandwidth, and Hollywood's copyright cops are taking notice."

I wonder where they got their data from. MORE THAN A THIRD OF THE INTERNET'S BANDWIDTH! How accurate do you think this is?

-----Original Message-----
From: Dave King <davefd@...ewking.com>
To: Full Disclosure <full-disclosure@...ts.netsys.com>
Date: Thu, 04 Nov 2004 14:30:07 -0700
Subject: [Full-Disclosure] New Phising attack FUD or Real?

> 
> There have been several sites that have announced a new phishing attack 
> that's been found in Brazil that rewrites the hosts file so that when 
> certain bank urls are entered they get directed to the site in the hosts 
> file rather than look it up on their DNS server.  While I've never seen 
> such an attack, I've been expecting this to happen eventually (if it 
> hasn't already happened).
> the unpatched Outlook, no SP2 and basically assuming that the user is 
> using either Outlook or Outlook Express.  It seems that the machines 
> I've mentioned would not only have to open the email, but manually run 
> the script.  While I'm not saying this wouldn't ever happen, it's not 
> what they're saying.  To me this is spreading FUD and not responsible 
> reporting.
> 
> Let me know if I'm wrong and other mail clients would be vulnerable to 
> this attack or if SP2 machines are vulnerable.  I also believe it is a 
> good idea to disable WSH unless you need it (as it's a good idea to 
> disable anything you don't use).
> 
> Here are links to several stories about this new phishing scan.
> 
> http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20041104/tc_cmp/51202564 
> 
> http://story.news.yahoo.com/news?tmpl=story&cid=75&e=3&u=/nf/20041104/tc_nf/28135 
> 
> http://www.net-security.org/press.php?id=2626
> http://www.vnunet.com/news/1159171
> http://www.theregister.co.uk/2004/11/04/phishing_exploit/
> 
> The only article that seems to say anything about patched users being 
> protected that I could find was this one:
> http://software.silicon.com/security/0,39024655,39125549,00.htm
> 
> Dave King
> http://www.thesecure.net
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

