
Scammers Go Phishing With Flash



David Utter
Staff Writer
2007-01-05



Since anti-phishing measures can involve analyzing the content of a page to determine if it is a phish or not, some criminals have shifted to Flash to evade their notice.


The cat-and-mouse game continues between scammers and those who would thwart their phishing schemes. Anti-phishing technology has been built into web browsers and offered as toolbars, which has pushed the criminals to escalate the technology side of their efforts.

F-Secure cited a couple of URLs as examples in their blog post about the Flash phish. The examples replicated PayPal's pages; PayPal and eBay have long been favorites among phishers.

If someone is fooled by the site and logs in to the fake PayPal, the next screen opens with a request for credit card information like card number and expiration, the CVV number from the back of the card, the PIN used for ATM transactions, and the name on the card.

The two recent examples of Flash phishing have been shut down following F-Secure's notifications to their hosts that the sites were engaging in criminal activity.

Over at Symantec, researcher Zulfikar Ramzan discussed the problem back in July 2006, and elaborated on how such 'Phlash' phishing works to elude detection by common anti-phishing tools:

For example, many anti-phishing toolbars might try to determine if a certain Web page contains a "form element" where users would enter sensitive information, such as a password. It is easy enough to make this determination by simply searching for an appropriate <form> tag in the HTML code used in the page itself. However, it is possible to create the equivalent of the form element entirely in Flash, but without ever employing a <form> tag. Any anti-phishing technique that only involves analyzing HTML would not succeed.
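The blind spot described in the passage above, shown as an added example that is not from the article, F-Secure or Symantec: a form-tag heuristic run next to a check that also records embedded Flash, so a page with a SWF and no HTML form is marked as uninspected. The class and function names, verdict strings and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class PageFeatures(HTMLParser):
    """Collects what an HTML-only anti-phishing check can see, plus Flash embeds."""
    def __init__(self):
        super().__init__()
        self.has_form = False
        self.has_password_input = False
        self.flash_sources = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.has_form = True
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password_input = True
        elif tag == "embed":
            self._note_flash(a.get("src", ""), a.get("type", ""))
        elif tag == "object":
            self._note_flash(a.get("data", ""), a.get("type", ""))
        elif tag == "param" and a.get("name", "").lower() == "movie":
            self._note_flash(a.get("value", ""), "")

    def _note_flash(self, url, mime):
        is_swf = url.lower().split("?")[0].endswith(".swf")
        if (mime.lower() == "application/x-shockwave-flash" or is_swf) and url not in self.flash_sources:
            self.flash_sources.append(url)

def scan(html):
    parser = PageFeatures()
    parser.feed(html)
    parser.close()
    return parser

def naive_html_check(html):
    """The form-tag heuristic from the quote: True only for an HTML password form."""
    f = scan(html)
    return f.has_form and f.has_password_input

def classify(html):
    f = scan(html)
    if f.has_form and f.has_password_input:
        return "html-credential-form"
    if f.flash_sources:
        return "flash-content-uninspected"  # HTML analysis cannot see inside the SWF
    return "no-credential-form-found"

# Constructed sample pages (not taken from the sites mentioned in the article).
HTML_FORM_PAGE = '<form action="/login" method="post"><input type="text" name="email"><input type="password" name="pw"></form>'
FLASH_PAGE = '<object type="application/x-shockwave-flash" data="login.swf"><param name="movie" value="login.swf"></object>'
PLAIN_PAGE = "<html><body><p>Account help</p></body></html>"
```

The "flash-content-uninspected" verdict does not mean the page is a phish; it means the HTML analysis has no basis for a decision and other signals, such as the URL, have to carry it.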

"We are noticing a clear trend in which attackers are leveraging embedded software technologies in their attacks," Ramzan said in a new post revisiting the Flash phishing concept. He cited the recently revealed Adobe Reader flaw in older versions of that software as an example of the trend.

For example, there was a recent cross-site scripting attack that takes advantage of the way some Adobe PDF file-viewing plugins work.

---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
