Fraudsters use malware to direct users to phishing sites
The latest information on phishing indicates that fraudsters are increasingly
using malicious software to direct users to their deceptive sites.
The Anti-Phishing Working
Group (APWG) said in
a new report Thursday that it saw a sharp rise in November in malware that
directs users to DNS (Domain Name System) servers controlled by phishers.
DNS servers play a crucial role in locating Web sites. The servers translate
a domain name into an IP (Internet protocol) address, enabling a Web site to
be located and accessed through a browser.
Often, the phishers will set up their own DNS server that works fine most of
the time but can redirect to their own malicious site.
Tainting a person's DNS settings is particularly dangerous since the user probably
won't notice the redirection, the APWG said.
"The fraudulent server replies with 'good' answers for most domains, however,
when they want to direct you to a fraudulent one, they simply modify their name
server responses," the report said.
Phishers are also employing malware that modifies an internal PC file called
the hosts, which is used to match domain names of Web sites with IP addresses.
When a person visits a Web site, the browser checks the hosts to see if it
has an IP address for a particular domain name. If the hosts file is corrupted
or hijacked, the browser can be directed to fetch a different Web page than
the one the user intended to go to.
Both attacks -- also known as pharming -- are dangerous, since a user may be
typing in the correct URL (uniform resource locator) but be directed to the
phishing site.
The APWG reported that the overall number of unique phishing sites declined
in November, but 178 different brands were targeted, a record number. By comparison,
120 brands were used in phishing attacks in October. The highest previous total
was in April 2007, when 174 brands were targeted.
More Middle Eastern and European financial services companies were spoofed
in phishing schemes, APWG said. The financial services industry is the most
targeted for fraud, comprising 93.8 percent of all phishing attacks.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
