Full Disclosure mailing list archives

Re: New Phising attack FUD or Real?
From: phased <phased () mail ru>
Date: Fri, 05 Nov 2004 01:11:47 +0300

Certainly modifying host file is not a new idea, there are botnet style worms
that do this for AV and so forth, and there are specific modified bots that
target certain bank site hostnames.  They are often not used on that large a
scale so don't often get noticed, and the majority are self cleaning after the
job has been done.

The media often overhypes these things and talks shit, such as this http://in.tech.yahoo.com/041103/137/2ho4i.html.

"LONDON (Reuters) - A file-sharing program called BitTorrent has become a behemoth, devouring more than a third of the 
Internet's bandwidth, and Hollywood's copyright cops are taking notice."

I wonder where they got their data from, MORE THAN A THIRD OF THE INTERNET'S BANDWIDTH! How accurate do you think this

-----Original Message-----
From: Dave King <davefd () davewking com>
To: Full Disclosure <full-disclosure () lists netsys com>
Date: Thu, 04 Nov 2004 14:30:07 -0700
Subject: [Full-disclosure] New Phising attack FUD or Real?

There have been several sites that have announced a new phishing attack 
that's been found in Brazil that rewrites the hosts file so that when 
certain bank urls are entered they get directed to the site in the hosts 
file rather than look it up on their DNS server.  While I've never seen 
such an attack, I've been expecting this to happen eventually (if it 
hasn't already happened).
the unpatched Outlook, no SP2 and basically assuming that the user is 
using either Outlook or Outlook Express.  It seems that the machines 
I've mentioned would not only have to open the email, but manually run 
the script.  While I'm not saying this wouldn't ever happen, it's not 
what they're saying.  To me this is spreading FUD and not responsible 

Let me know if I'm wrong and other mail clients would be vulnerable to 
this attack or if SP2 machines are vulnerable.  I also believe it is a 
good idea to disable WSH unless you need it (as it's a good idea to 
disable anything you don't use).

Here are links to several stories about this new phishing scam.




The only article that seems to say anything about patched users being 
protected that I could find was this one:

Dave King

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
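
Added example, not part of either message above: a defender-side audit of a hosts file for the two tampering patterns the thread mentions, bank hostnames pinned to a foreign address and AV hostnames pointed at a sink address. The watchlist, hostnames, addresses and sample file are constructed placeholders, and treating loopback or 0.0.0.0 as "blocked" is an assumption of this sketch.

```python
import ipaddress

# Constructed sample of a tampered hosts file (all names/addresses are placeholders).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # pinned to a foreign address
127.0.0.1       update.av-vendor.example        # AV update host sent to loopback
0.0.0.0         ads.tracker.example
192.0.2.10      intranet.corp.example
not-an-ip       broken.example
"""

# Hypothetical watchlist: domains that should only ever be resolved through DNS.
WATCHED = {"bank.example", "av-vendor.example"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each usable entry, ignoring comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address, skip the line
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == w or host.endswith("." + w) for w in WATCHED)

def audit(text):
    """Return findings as (line_no, hostname, ip, kind) for watched names only."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if not is_watched(host):
                continue
            sink = ip.is_loopback or ip.is_unspecified
            findings.append((no, host, str(ip), "blocked" if sink else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS):
        print(finding)
```

Any watched name appearing in the file at all is the signal, since such names normally have no hosts entry.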

