Full Disclosure mailing list archives
Re: New Phising attack FUD or Real?
From: phased <phased () mail ru>
Date: Fri, 05 Nov 2004 01:11:47 +0300
Certainly modifying the host file is not a new idea, there are botnet style worms that do this for AV and so forth, and there are specific modified bots that target certain bank site hostnames. They are often not used on that large a scale so don't often get noticed, and the majority are self cleaning after the job has been done.

The media often overhypes these things and talks shit, such as this: http://in.tech.yahoo.com/041103/137/2ho4i.html

"LONDON (Reuters) - A file-sharing program called BitTorrent has become a behemoth, devouring more than a third of the Internet's bandwidth, and Hollywood's copyright cops are taking notice."

I wonder where they got their data from, MORE THAN A THIRD OF THE INTERNET'S BANDWIDTH! How accurate do you think this is?

-----Original Message-----
From: Dave King <davefd () davewking com>
To: Full Disclosure <full-disclosure () lists netsys com>
Date: Thu, 04 Nov 2004 14:30:07 -0700
Subject: [Full-disclosure] New Phising attack FUD or Real?
There have been several sites that have announced a new phishing attack that's been found in Brazil that rewrites the hosts file so that when certain bank URLs are entered they get directed to the site in the hosts file rather than look it up on their DNS server. While I've never seen such an attack, I've been expecting this to happen eventually (if it hasn't already happened). the unpatched Outlook, no SP2 and basically assuming that the user is using either Outlook or Outlook Express. It seems that the machines I've mentioned would not only have to open the email, but manually run the script. While I'm not saying this wouldn't ever happen, it's not what they're saying. To me this is spreading FUD and not responsible reporting.

Let me know if I'm wrong and other mail clients would be vulnerable to this attack or if SP2 machines are vulnerable. I also believe it is a good idea to disable WSH unless you need it (as it's a good idea to disable anything you don't use).

Here are links to several stories about this new phishing scan.

http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20041104/tc_cmp/51202564
http://story.news.yahoo.com/news?tmpl=story&cid=75&e=3&u=/nf/20041104/tc_nf/28135
http://www.net-security.org/press.php?id=2626
http://www.vnunet.com/news/1159171
http://www.theregister.co.uk/2004/11/04/phishing_exploit/

The only article that seems to say anything about patched users being protected that I could find was this one:
http://software.silicon.com/security/0,39024655,39125549,00.htm

Dave King
http://www.thesecure.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
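A defender-side check for the hosts-file tampering discussed in this thread, as an added example that is not part of either post: it parses a hosts file and reports entries that override watched hostnames, separating redirects to another address from loopback entries that simply block a name. The watchlist, hostnames and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.test examplebank.test   # points bank name elsewhere
127.0.0.1       update.example-av.test                  # blackholes AV updates
10.0.0.5        intranet.corp.test
not-an-ip       www.examplebank.test
"""

# Hypothetical watchlist: domains that should always resolve through DNS.
WATCHLIST = {"examplebank.test", "example-av.test"}


def parse_hosts(text):
    """Yield (lineno, ip, names) for each usable entry; comments, blank
    lines and lines without a valid leading IP address are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name, watchlist):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (lineno, name, ip, kind) for each watched name pinned in the file."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if is_watched(name, watchlist):
                blocked = ip.is_loopback or ip.is_unspecified
                findings.append((lineno, name, str(ip),
                                 "blocked" if blocked else "redirected"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.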