mailing list archives
New Phising attack FUD or Real?
From: Dave King <davefd () davewking com>
Date: Thu, 04 Nov 2004 14:30:07 -0700
There have been several sites that have announced a new phishing attack
that's been found in Brazil that rewrites the hosts file so that when
certain bank urls are entered they get directed to the site in the hosts
file rather than look it up on their DNS server. While I've never seen
such an attack, I've been expecting this to happen eventually (if it
hasn't already happened).
The part of the stories I've read that seem a little strange is that
they say this attack will happen without any type of user interaction
besides opening the email. It seems that the writers are leaving out
the unpatched Outlook, no SP2 and basically assuming that the user is
using either Outlook or Outlook Express. It seems that the machines
I've mentioned would not only have to open the email, but manually run
the script. While I'm not saying this wouldn't ever happen, it's not
what they're saying. To me this is spreading FUD and not responsible
Let me know if I'm wrong and other mail clients would be vulnerable to
this attack or if SP2 machines are vulnerable. I also believe it is a
good idea to disable WSH unless you need it (as it's a good idea to
disable anything you don't use).
Here are links to several stories about this new phishing scan.
the only article that seems to says anything about patched users being
protected that I could find was this one:
Full-Disclosure - We believe in it.
- New Phising attack FUD or Real? Dave King (Nov 04)