Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: New Phising attack FUD or Real?
From: Peter Besenbruch <prb () lava net>
Date: Thu, 04 Nov 2004 13:03:33 -1000

Dave King wrote:

There have been several sites that have announced a new phishing
> attack that's been found in Brazil that rewrites the hosts file so
> that when certain bank urls are entered they get directed to the site
> in the hosts file rather than look it up on their DNS server....

Let me know if I'm wrong and other mail clients would be vulnerable
to this attack or if SP2 machines are vulnerable.  I also believe it
> is a good idea to disable WSH unless you need it (as it's a good idea
> to disable anything you don't use).

Here are links to several stories about this new phishing scan.

Here is another, and it answers some of your questions:
http://www.theregister.com/2004/11/04/phishing_exploit/

The short answer is XP, SP2 is not vulnerable. Neither is any e-mail
program that blocks Javascript in an e-mail. It also helps if the e-mail
program doesn't use, or support ActiveX.

the only article that seems to says anything about patched users
being protected that I could find was this one:
http://software.silicon.com/security/0,39024655,39125549,00.htm

In fairness to Microsoft, recent versions of Outlook and Outlook Express
allow you to block the execution of scripting in an e-mail message,
indeed, they are set to block scripts by default.
________________________________________________________________

Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault