March 29th, 2005, 08:07 PM
From Phishing to Pharming and More...
First, check out this article:
This caught my eye:
So, I'm just now learning about the HOSTS file and what that's all about. A computer checks it's host file when trying to resolve a hostname to an IP, right? Then if it doesn't see it in the HOSTS file, it moves on to query DNS (correct me if I'm wrong, I'm just now learning the details of this).
More important, however, is that phishing without an accompanying e-mail "lure" is becoming more common. So called "pharming" attacks don't rely on legitimate-looking e-mails to lure users to fake Web sites, but automate that process by planting malicious code on vulnerable systems, then modifying the PC's HOSTS file to point to fraudulent sites rather than to the real deal.
So, does that mean these "pharmers" are actually using malware to alter the listings in the HOSTS file so that if I typed, for example, "www.yahoo.com" it would check the corrupted HOSTS file and instead take me somewhere like "www.yaho0.com", where a phishing scam would happily await me?
If so, that's darn interesting. Those of you who are gurus at this please expand on this and enlighten us...
Second, look at this:
Interesting target eh? Do you think the author is on the right track with his deductions, or is he perhaps overlooking something? I'm wondering myself...this could open the door for some really interesting social engineering attacks, I would think, given that this phishing tactic involves resumes. What do you think?
On Monday, Websense said it had received reports of a phishing attack directed at Monster.com, the online job posting Web site. Users receive a spoofed e-mail, supposedly from Monster.com's customer service, saying that their account has been suspended, and that they need to login to check their information.
April 2nd, 2005, 02:31 PM
Scary isn't it?
I had also read this article from EnterpriseITPlanet.com by the very own JupMedia
Source - http://www.enterpriseitplanet.com/se...le.php/3493431
Phishing, pharming, what’s next? When people expert in this area of cyber-crime became more and more sophisticated, and they will always involve their bestfriend – Trojan and Malware. They act hand-in-hand and do everything to fool the user. At least there is some good news behind this latest threat, Anti-virus and Anti-spyware will always be there to watch and try to protect the users. On the other hand, users should be more vigilant in being informed. Always check the latest security, computer and technology news, updates and forums like AO.
MORE ABOUT PHARMING - http://www.freedom-to-tinker.com/archives/000781.html
"Pharming" tries to fool your computer about where the data is coming from. It does this by attacking DNS (Domain Name Service), the service that interprets names like "freedom-to-tinker.com" for you.