| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: phased at mail.ru (phased) Subject: New Phising attack FUD or Real? Certainly modifying host file is not a new idea, there are botnet style worms that do this for AV and so forth, and there are specific modified bots that target certain bank site hostnames. They are often not used on that large a scale so dont often get noticed, and the majority are self cleaning after the job has been done. The media often over hypes these things and talks shit, such as this http://in.tech.yahoo.com/041103/137/2ho4i.html. "LONDON (Reuters) - A file-sharing program called BitTorrent has become a behemoth, devouring more than a third of the Internet's bandwidth, and Hollywood's copyright cops are taking notice." I wonder where they got their data from, MORE THAN A THIRD OF THE INTERNETS BANDWIDTH! How accurate do you think this is? -----Original Message----- From: Dave King <davefd@...ewking.com> To: Full Disclosure <full-disclosure@...ts.netsys.com> Date: Thu, 04 Nov 2004 14:30:07 -0700 Subject: [Full-Disclosure] New Phising attack FUD or Real? > > There have been several sites that have announced a new phishing attack > that's been found in Brazil that rewrites the hosts file so that when > certain bank urls are entered they get directed to the site in the hosts > file rather than look it up on their DNS server. While I've never seen > such an attack, I've been expecting this to happen eventually (if it > hasn't already happened). > the unpatched Outlook, no SP2 and basically assuming that the user is > using either Outlook or Outlook Express. It seems that the machines > I've mentioned would not only have to open the email, but manually run > the script. While I'm not saying this wouldn't ever happen, it's not > what they're saying. To me this is spreading FUD and not responsible > reporting. > > Let me know if I'm wrong and other mail clients would be vulnerable to > this attack or if SP2 machines are vulnerable. I also believe it is a > good idea to disable WSH unless you need it (as it's a good idea to > disable anything you don't use). > > Here are links to several stories about this new phishing scan. > > http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20041104/tc_cmp/51202564 > > http://story.news.yahoo.com/news?tmpl=story&cid=75&e=3&u=/nf/20041104/tc_nf/28135 > > http://www.net-security.org/press.php?id=2626 > http://www.vnunet.com/news/1159171 > http://www.theregister.co.uk/2004/11/04/phishing_exploit/ > > the only article that seems to says anything about patched users being > protected that I could find was this one: > http://software.silicon.com/security/0,39024655,39125549,00.htm > > Dave King > http://www.thesecure.net > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists