funsec mailing list archives
RE: The end of Phishing in sight?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 18 Oct 2005 10:50:39 -0400
The economics of this approach are very costly to the fraudster.
I don't think the technology and manpower are very costly at all. The bad guys just need to write a couple of scripts. One script at the phishing Web server sends the login information to an operator's computer. The second script is running on the operator's computer receives this information and automatically logs into the online bank account. It then beeps the operator to start stealing money. The operator can even work as a contractor for the frauster. Given the payback, fraudsters will quickly implement these kinds of systems. The script that runs on the operator's computer can easily written in less than a 100 lines of JavaScript running as an HTML application (.HTA). It uses XMLHTTP to poll for login information and ActiveX interface into IE to automate the login process. This demo would make for great TV. The camera would show a "victim" going to a phishing Web site and a second computer belonging to the "bad guy" log into the real online bank account. Richard _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: The end of Phishing in sight?, (continued)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 17)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 17)
- Re: The end of Phishing in sight? Mark C (Oct 17)
- Re: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: Re[4]: The end of Phishing in sight? Marius Gheorghescu (Oct 17)
- Re: Re[4]: The end of Phishing in sight? Douglas F. Calvert (Oct 17)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- Re: The end of Phishing in sight? Security Lists (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 18)
- The end of Phishing in sight? Gary Warner (Oct 18)
- Re: The end of Phishing in sight? Valdis . Kletnieks (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- Re: The end of Phishing in sight? Blue Boar (Oct 18)
- RE: The end of Phishing in sight? Jeff Rosowski (Oct 18)
- RE: The end of Phishing in sight? Richard M. Smith (Oct 18)
- RE: The end of Phishing in sight? Blanchard_Michael (Oct 18)
(Thread continues...)
- RE: The end of Phishing in sight? Henderson, Dennis K. (Oct 17)