[ insider_reports_insider ]
Google Used In Phishing Scheme
Jeremy L. Muncy
Staff Writer
2004-10-27
 Insider Reports RSS Feed
A new phishing scam is redirecting users three times through Google to fake registration website so it can beat antispam technology. The email says it's from Yahoo administrators and tries to get people to sign up for new email accounts. The hackers are using a clever combination of Yahoo and their own sites to claim the accounts for themselves.
 | | Google Becomes Tool For Scammers... |  |
The email says it's from Yahoo administrators and tries to get people to sign up for new email accounts. The hackers are using a clever combination of Yahoo and their own sites to claim the accounts for themselves.
"No one is going to block Google," said Alex Shipp, senior antivirus technologist for MessageLabs. "The link is a very complex string that hides their URL behind Google. It redirects three times probably to try and defeat anti-spam measures. Basically, you create email accounts for the bad guys. It's a way of ensuring that they have loads of accounts, and these could be used for [sending] spam."
"The fraudsters sent emails pretending to be from Yahoo asking users to complete a registration form for an email account. The link on the email directs users to a fake Yahoo Web site, but does so pointing browsers at Google three times first. At this point a legitimate Yahoo pop-up appears explaining the registration process. When the form is completed, users are prompted to fill in a legitimate verification number, at which point the hackers can take control of the account", according to zdnet.co.uk.
Hackers have also been using CNET and ZDNet redirects as a means of hiding their web sites.
eBay Worm Begins To Spread. Noted over a month ago, the Myfip worm is beginning to spread. The worm spreads using an email supposedly sent by the online auctions webmaster contains a worm that attacks poorly-protected network drives.
The email security firm Messagelabs was the first to detect Myfip. They believe that anti-virus software will have trouble detecting it since it has been compressed using an uncommon packing utility.
According to Messagelabs, "Myfip uses a packer previously unseen in email virus distribution. The use of an uncommon packer could make it more difficult for antivirus software vendors to identify and protect against the malicious code within."
Myfip arrives in an email with the subject "hi, [recipient], I'm webmaster of eBay.com, and we raise a research in our Website". The body of the message asks the recipient to take part in a "Multiple Item Auction" with the chance of winning a prize. "If you're the winner of Multiple Item Auctions, you can get the following thing… 1.a notebook that worth 18000$... 2.a camara […] worth 1000$".
Even if antivirus fails at spotting the new worm the poorly written email should make any recipients suspicious of it.
Mac Users Face-to-Face With Rare Threat. New malware, which is being called Opener by Mac user groups, could posses the power to disable Mac OS X's built-in firewall, steal personal information or destroy data.
Those are common traits that plague Microsoft Windows users but are almost unheard of when discussing Apple Computer's Mac OS.
The software, which Sophos calls Renepo, is designed to affect Mac OS X drives connected to an infected system and that it leaves affected computers vulnerable to further attack, according to Paul Ducklin, Sophos' head of technology in the Asia-Pacific region.
According to Ducklin, Opener could try to spread by duplicating itself to any drive that is connected to the infected computer. This could mean a local drive, part of a local network or a remote computer.
Mikko Hypponen, director of antivirus research at F-Secure, said that viruses targeting the Macintosh system virtually disappeared in the late 1980s.
"Things have been really quiet on Macintosh front, virus-wise. Back in the late 1980s, viruses used to be a much bigger problem on Macs than on PCs. We here at F-Secure used to have an antivirus product for Mac but discontinued it after the macro viruses died out," said Hypponen.
Brazilian Hacker Defaces The Government. More than 200 Brazilian government websites were the target of a hacker this week. According to security experts, the hacker went through a single ISP that hosts all the government websites. Abusive anti-government messages were left on some and a photo of a woman's eye on others.
"This could well be political -- a lot of these things come down to political warfare," a security expert said. "I wouldn't like to say how secure the Brazilian government is, but it shows how vulnerable they are and how easy it is to do. It's all right to get ISPs to host your Web server, but there needs to be some form of evidence that they take security seriously."
Many of the website defacements appear to have been removed. Security experts last month said that Brazil was a cybercrime hotspot, being home to 80 percent of the world's hackers.
About the Author:
Jeremy Muncy is the editor of http://www.SecurityProNews.com.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
