Re: New Phising attack FUD or Real?

[phased <phased () mail ru>]

Certainly modifying host file is not a new idea, there are botnet style worms
that do this for AV and so forth, and there are specific modified bots that
target certain bank site hostnames.  They are often not used on that large a scale so dont often get noticed, and the 
majority are self cleaning after the job has been done.

The media often over hypes these things and talks shit, such as this http://in.tech.yahoo.com/041103/137/2ho4i.html.

"LONDON (Reuters) - A file-sharing program called BitTorrent has become a behemoth, devouring more than a third of the 
Internet's bandwidth, and Hollywood's copyright cops are taking notice."

I wonder where they got their data from, MORE THAN A THIRD OF THE INTERNETS BANDWIDTH! How accurate do you think this 
is?

-----Original Message-----
From: Dave King <davefd () davewking com>
To: Full Disclosure <full-disclosure () lists netsys com>
Date: Thu, 04 Nov 2004 14:30:07 -0700
Subject: [Full-disclosure] New Phising attack FUD or Real?

> There have been several sites that have announced a new phishing attack 
> that's been found in Brazil that rewrites the hosts file so that when 
> certain bank urls are entered they get directed to the site in the hosts 
> file rather than look it up on their DNS server.  While I've never seen 
> such an attack, I've been expecting this to happen eventually (if it 
> hasn't already happened).
> the unpatched Outlook, no SP2 and basically assuming that the user is 
> using either Outlook or Outlook Express.  It seems that the machines 
> I've mentioned would not only have to open the email, but manually run 
> the script.  While I'm not saying this wouldn't ever happen, it's not 
> what they're saying.  To me this is spreading FUD and not responsible 
> reporting.
>
> Let me know if I'm wrong and other mail clients would be vulnerable to 
> this attack or if SP2 machines are vulnerable.  I also believe it is a 
> good idea to disable WSH unless you need it (as it's a good idea to 
> disable anything you don't use).
>
> Here are links to several stories about this new phishing scan.
>
> http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20041104/tc_cmp/51202564 
>
> http://story.news.yahoo.com/news?tmpl=story&cid=75&e=3&u=/nf/20041104/tc_nf/28135 
>
> http://www.net-security.org/press.php?id=2626
> http://www.vnunet.com/news/1159171
> http://www.theregister.co.uk/2004/11/04/phishing_exploit/
>
> the only article that seems to says anything about patched users being 
> protected that I could find was this one:
> http://software.silicon.com/security/0,39024655,39125549,00.htm
>
> Dave King
> http://www.thesecure.net
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html