Whilst the industry is still choosing the best user authentication method, the phishers are moving on. Possibly just too bored with how simple it is to do a "normal" phish, or attempting to improve signal-to-noise ratio, they are building the tools that allow them to easily bypass the strong authentication that has not even been rolled out everywhere.
Recent reports indicate an increase in phishing-based trojans and traffic redirectors.
Along with phishing-based keyloggers we are seeing high increases in traffic redirectors. In particular the highest volume is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server. The fraudulent server replies with “good” answers for most domains; however, when they want to direct you to a fraudulent one, they simply modify their name server responses. This is particularly effective because the attackers can redirect any of the users' requests at any time, and the end-users have very little indication that this is happening, as they could be typing in the address on their own and not following an email or Instant Messaging lure. (APWG, March 2007)
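The two host-level changes the APWG quote describes, a rewritten hosts file and swapped resolver settings, are cheap to check for from the defender's side. The script below is an added example, not code from the original post or from APWG: it parses hosts-file and resolv.conf-style text, flags any pinning of domains an end-user machine should never pin, and lists configured name servers that are not in the organisation's known set. The sample file contents, the monitored domain list and the trusted resolver addresses are all constructed for the example.

```python
import ipaddress

# Constructed sample hosts file content; the bank entries illustrate the
# kind of pinning a DNS-redirecting trojan would insert.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# Constructed example of tampering: a bank's domains pinned to an attacker-controlled address
203.0.113.45  www.examplebank.com
203.0.113.45  online.examplebank.com  # also online banking
"""

# Constructed sample resolver configuration in resolv.conf style; the first
# nameserver is not one the organisation deployed.
SAMPLE_RESOLV = """\
search corp.example
nameserver 198.51.100.7
nameserver 192.0.2.1
"""

# Hostnames an end-user hosts file should never pin (assumption for the example).
MONITORED_DOMAINS = {"www.examplebank.com", "online.examplebank.com"}

# Resolvers the organisation actually deploys (assumption for the example).
TRUSTED_RESOLVERS = {"192.0.2.1", "192.0.2.2"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments,
    blank lines and lines whose first field is not an IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not an address
        for name in fields[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def suspicious_hosts_entries(text, monitored=MONITORED_DOMAINS):
    """Flag any hosts-file pinning of a monitored domain: a legitimate
    end-user machine resolves these through DNS, never through a static entry."""
    return [(ip, name) for ip, name in parse_hosts(text) if name in monitored]


def untrusted_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Return configured nameserver addresses that are not in the trusted set."""
    found = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                ip = str(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue
            if ip not in trusted:
                found.append(ip)
    return found


def check_host(hosts_text, resolv_text):
    """Combine both checks into one report suitable for an endpoint agent."""
    return {
        "pinned_monitored_domains": suspicious_hosts_entries(hosts_text),
        "untrusted_resolvers": untrusted_resolvers(resolv_text),
    }


if __name__ == "__main__":
    # On a real machine the inputs would be read from /etc/hosts (or the
    # Windows equivalent) and /etc/resolv.conf rather than embedded strings.
    report = check_host(SAMPLE_HOSTS, SAMPLE_RESOLV)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Both findings are configuration-state checks, so they catch the redirector after it has run; pairing them with a periodic comparison of the answers returned by the configured resolver against a known-good resolver for the monitored domains covers the case where the settings look normal but the upstream server is the one lying.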
As previously discussed, phishers are already developing and using tools that automate Man-in-the-Middle attacks and they continue to innovate. Richard Clayton and Tyler Moore have produced a paper (An Empirical Analysis of the Current State of Phishing Attack and Defence) based on monitoring "several thousand phishing web sites over a two month period". The paper describes mechanisms employed by phishers to effectively deploy a vast number of phishing websites, including:
A newer architectural innovation dubbed “fast-flux” that used hundreds of different compromised machines per week extended the website availability to a median of 202 hours.
Both the original paper and their blog summary are well worth reading.
No single method can solve the problem, but a good start is to move away from "protecting these brand new 2007-built apps with a Web 1.0 security model that was invented in 1995", get better at "following the money" and focus on verifying transactions, not just the user.
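"Verify the transaction, not just the user" is the one control in this list that a real-time Man-in-the-Middle cannot simply relay, because the confirmation is bound to what the user intended rather than to who they are. The following is an added illustration of that idea, not code from the original post: the user's device derives a short code from a secret it shares with the bank over the payee, amount and a bank-issued nonce, and the bank recomputes the code over the details it actually received. If a proxy in the middle substitutes the payee or amount, the two computations diverge and the transfer is refused; reusing a captured code fails on the nonce. The secret, account identifiers and amounts are all constructed for the example.

```python
import hashlib
import hmac
import secrets

CODE_DIGITS = 8


def canonical_transaction(account_to, amount_cents, nonce):
    """Fixed-order, unambiguous encoding of the details the user is approving.
    Any change to payee, amount or nonce changes these bytes."""
    return f"{account_to}|{amount_cents}|{nonce}".encode()


def confirmation_code(device_secret, account_to, amount_cents, nonce, digits=CODE_DIGITS):
    """Code the user's device shows after displaying the payee and amount.
    HMAC-SHA256 over the canonical details, truncated to a typeable number."""
    mac = hmac.new(device_secret, canonical_transaction(account_to, amount_cents, nonce),
                   hashlib.sha256).digest()
    value = int.from_bytes(mac[:8], "big") % (10 ** digits)
    return f"{value:0{digits}d}"


class TransactionVerifier:
    """Bank-side check: recompute the code over the *received* details and
    reject any nonce that has already been consumed (replay protection)."""

    def __init__(self, device_secret):
        self._secret = device_secret
        self._used_nonces = set()

    def issue_nonce(self):
        # The bank generates the nonce so the user's device cannot be tricked
        # into signing a stale or attacker-chosen challenge.
        return secrets.token_hex(8)

    def verify(self, account_to, amount_cents, nonce, code):
        if nonce in self._used_nonces:
            return False
        expected = confirmation_code(self._secret, account_to, amount_cents, nonce)
        if not hmac.compare_digest(expected, code):
            return False
        self._used_nonces.add(nonce)
        return True


def demo():
    """Walk through an honest transfer, a tampered one and a replay."""
    device_secret = b"constructed-device-secret-for-example"   # constructed
    bank = TransactionVerifier(device_secret)
    nonce = bank.issue_nonce()

    # The user reads payee and amount on the device screen and gets a code.
    intended_payee, amount = "GB00BANK00001234", 12500        # constructed
    code = confirmation_code(device_secret, intended_payee, amount, nonce)

    # A proxy between browser and bank swaps the payee but must forward the
    # user's code unchanged, so the bank's recomputation no longer matches.
    tampered_payee = "GB00ATTK99999999"                       # constructed
    tampered_accepted = bank.verify(tampered_payee, amount, nonce, code)

    honest_accepted = bank.verify(intended_payee, amount, nonce, code)
    replay_accepted = bank.verify(intended_payee, amount, nonce, code)
    return {"tampered": tampered_accepted, "honest": honest_accepted, "replay": replay_accepted}


if __name__ == "__main__":
    print(demo())
```

The property that matters is that the device displays the payee and amount it is about to authorise; a code computed blind over whatever the browser sends would protect nothing, which is why transaction-signing tokens show the details before emitting the code.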