Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

New Phising attack FUD or Real?
From: Dave King <dave () davewking com>
Date: Thu, 04 Nov 2004 14:23:54 -0700

There have been several sites that have announced a new phishing attack that's been found in Brazil that rewrites the hosts file so that when certain bank urls are entered they get directed to the site in the hosts file rather than look it up on their DNS server. While I've never seen such an attack, I've been expecting this to happen eventually (if it hasn't already happened). The part of the stories I've read that seem a little strange is that they say this attack will happen without any type of user interaction besides opening the email. It seems that the writers are leaving out the unpatched Outlook, no SP2 and basically assuming that the user is using either Outlook or Outlook Express. It seems that the machines I've mentioned would not only have to open the email, but manually run the script. While I'm not saying this wouldn't ever happen, it's not what they're saying. To me this is spreading FUD and not responsible reporting.

Let me know if I'm wrong and other mail clients would be vulnerable to this attack or if SP2 machines are vulnerable. I also believe it is a good idea to disable WSH unless you need it (as it's a good idea to disable anything you don't use).

Here are links to several stories about this new phishing scan.

http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20041104/tc_cmp/51202564
http://story.news.yahoo.com/news?tmpl=story&cid=75&e=3&u=/nf/20041104/tc_nf/28135
http://www.net-security.org/press.php?id=2626
http://www.vnunet.com/news/1159171
http://www.theregister.co.uk/2004/11/04/phishing_exploit/

the only article that seems to says anything about patched users being protected that I could find was this one:
http://software.silicon.com/security/0,39024655,39125549,00.htm

Dave King
http://www.thesecure.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]