Key-loggers the new phisherman's friend

Discussion in 'other security issues & news' started by spy1, May 6, 2005.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    http://www.vnunet.com/news/1162890

    "Phishing attacks are increasingly using key-loggers as another method to steal personal information, according to the Anti-Phishing Working Group (APWG).

    These attacks usually redirect users to a bogus website and record details once they are entered. But the past six months has seen a tenfold rise in the number of phishing sites hosting key-logging software which can be transferred to a user's PC via an improperly patched browser.

    "Phishing techniques are evolving in sophistication and complexity at a rapid pace," warned Mark Murtagh, technical director at Websense, a member of the APWG.

    "As awareness of phishing among web users has grown, fraudsters are using new attack methods in addition to fake websites.

    "One of the most common forms is where malicious code modifies host files and points end users to a fraudulent site despite them having typed the correct URL into their browser."

    At the end of last year there were only 10 phishing sites being found each week hosting such code, but by March this had risen to 100. Some web pages remained up for over a month, but the average time to take down a phishing site was 5.8 days.

    The move to key-loggers could reflect growing security awareness among consumers regarding online commerce.

    Banks have always told customers that they do not ask for personal information via email, and are working with police and the government on other ways to fix the problem."

    And - with SpyCop ( http://spycop.com/products.htm ) now supplemented by ProcessGuard ( http://www.diamondcs.com.au/processguard/ ) - I don't have to worry about this, either! Life is good. Pete
     
  2. controler

    controler Guest

  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Well, I'm not really sure how you figure that, Bruce. With PG the way I run it (with "Block new and changed applications" check-marked and the program locked) - nothing "new" can be installed behind my back without warning.

    Remember, too - you're only vulnerable to what they're talking about to begin with if you're running "an improperly patched browser." (according to the article).

    So I guess I really don't understand what you mean by that particular comment. Pete
     
  4. Pollmaster

    Pollmaster Guest

  5. Pollmaster

    Pollmaster Guest

    I agree, I don't know what Bruce is smoking, but he's probably referring to the phishing tricks used by websites to fool the browser.No additional process beyond the browser runs, so PG doesnt help against that. Neither does Firefox actually unless you take care to change the defaults.
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    ? If so, then it looks like I've under-estimated the depth of the problem (and that Bruce is right, too).

    Guess I'd have to actually go to one of those types of sites and see what happens to know for sure. Pete
     
  7. controler

    controler Guest

    I am sorry for not being more clear again.

    yes I ment the ones you get in e-mail. They look ligit.
    Once added to Phishguards database, PhishGuard won't allow your default browser to go to the site. GhostSurf does the same thing but I am not sure how big the database is they use. When you look at the list that shows up in the GUI, the list appears small. I contacted them about this but they aren't the speediest responders LOL

    With this type Phishing, PG, Firewall, ect won't matter. Of course we might not be tricked by these tactics but many other less educated on the issue do fall pray to Phishing.

    But I still love Shadowuser :) & PG

    Bruce
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Bruce - can one examine their database if you d/l the program? Or, if you can, could you simply send me a listing of the IP addresses being blocked? I'll give it a whirl here. Pete
     
  9. Pollmaster

    Pollmaster Guest

    PG is nice, but it's best to have some understanding of basic security issues, so you can understand what PG protects against and what it doesnt. Nothing is more dangerous than a false sense of security.

    In the past, lots of browser exploits, eg the IDN issue, javascript exploits etc ,problems with 'race conditions', XSS exploits all can mask the real domain-name in the location bar and/or status bar. Most have being fixed, but not all.

    You can do some things to protect yourself , https://www.wilderssecurity.com/showthread.php?t=78859 but..........

    Even assuming all browser holes are plugged, a careless user can still be fooled if he doesn't know how that www.ebay.evilsite.com is not owned by ebay for instance.
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Pollmaster - PM or email me some "live ones", would you? Pete
     
  11. Pollmaster

    Pollmaster Guest

    There are many more Bruce....

    Thunderbird has some built in protection for example.

    Then there is spoofstick and the much more superior Standford's spoofguard, Earthlink's Scamguard, and more.

    The better tools, use both a database of reported phishing sites, coupled with dynamic heuristical analysis of the url to spot possible phishing/spoofing sites.
     
  12. controler

    controler Guest

    Yes after googling I found a bunch

    netcraft toolbar, AOL, G-Mail, ect.

    Spycatcher compares the actual site to the fake site, since most Phishing scams usualy only last 6 days.


    Bruce
     
  13. Pollmaster

    Pollmaster Guest

Loading...
Thread Status:
Not open for further replies.