Many of you remember reading an post I made about Phishing. Just to recap, Phishing is an evolving attack where an attacker convinces a victim to hand over sensitive information such as bank account access information, passwords, credit card numbers, etc.
The attack that I described was, at the time, the only attack I knew about. Apparently Phishers are becoming more and more sophisticated.
A report found on CNN.com explains how Phishers are now using malicious software to redirect a web browser from a legitimate site. For example if a customer would type “banking.53.com” into the address bar, the spyware could re-direct the browser to a spoofed web site. This spoof will look exactly like the actual site so that the victim enters his access id and password and hits submit. The faux site will then either throw an error message saying the system is down and to try back later, or it will take the information that the victim submitted, log it, and then send an authentication request to the actual web site making it appear that the site functions properly.
Another new attack that is being devised is to attack the DNS servers themselves.
DNS servers act like giant phone books for the internet. They are the machines that direct a plain text URL to the IP number associated with the site. For example, when you type www.ebay.com into the address bar, the internet browser looks into one of the DNS servers to find out where www.ebay.com is (22.214.171.124). Once it has this information, the browser directs the user to the IP address and loads the page.
If a Phisher is able to gain access to the directory listing on one of the main DNS servers, he can re-direct any page he wants to whatever IP address he wishes. This is by far the most dangerous, but most unlikely phishing attack.
What this all comes down to is that today; we all have to be careful about where we go and what we do on the internet. Pay attention to how long it takes you to go to a web site, be aware of anything strange that happens and challenge everything. If you think something is not right, call the people who operate the website you are trying to use and talk to them. Keep some sort of spyware removal software on your computer. Microsoft has a great one that will even remove the software that causes spyware (This article is much worth the read).
As technology progresses, it becomes increasingly difficult to keep our identities and secure information safe.
That’s all for now.
The End-of-the-Blog Rundown
Song of the Day – Sheep go to Heaven – Cake
Hero of the Day – House of Hunan for delivering me dinner 🙂
Quote of the Day – “We’re going to play a game. It’s called piss off the Reds” – A guy playing Halo 2 on Xbox Live with Will.
Current Mood – – Giddy
Until the next post…