Symantec Blogs: Security Response

Sai Narayan Nambiar | January 30th, 2009

Phishers always try to come up with new tricks to bypass phishing toolbars. So, it’s not really surprising that we've now seen several phishing websites that are using Flash-based content instead of normal HTML. The main objective for the use of Flash-based content is to avoid phishing detection by toolbars that analyze page content.

Symantec has observed some recent examples, all targeting reputable brands. These sites look like genuine front pages, but they are actually Flash recreations.

As shown in the above snapshot, if we right-click on the Web page, it reveals some program options such as "Zoom In," "Show All," and "play" options in the menu instead of the normal options you would see on an HTML page. When you type...

Kevin Haley | January 28th, 2009

I keep getting asked about what malware Symantec has seen that’s been written to target social networks. While there have certainly been a few such as Koobface, people are asking the wrong question. If the social network sites are paying attention, and to their credit they usually are, these threats can be squashed pretty quickly. It’s not targeted attacks you should be worried about, but adapted attacks. Adapted attacks occur when the bad guys take existing threats and use social networks to increase the effectiveness of the social engineering aspect of the attack. There is nothing like being surrounded by friends to get you to lower your guard.
 
Take the problem we are getting a lot of reports on currently—it’s an advanced payment scam. This is often called a Nigerian 419 scam. (I like to call it the Spanish Prisoner...

Davide Veneziano | January 13th, 2009

My previous blog post highlighted both what a phishing kit is and what functionalities it usually provides to a fraudster who uses it throughout the duration of the social engineering attack known as phishing. I want now to focus my attention on the delivery methods used by this piece of software; that is, the way the information gathered from phished users is stored and ultimately delivered to the fraudster.
 
The evolution of the delivery methods is strictly related to the continued development of Web technologies. The first samples of phishing attacks we came in touch with years ago were entirely composed of static HTML-only pages. At that time, a server’s ability to host dynamic content was quite rare. Even then, any gathered credentials were usually sent to a vulnerable “Form to Email” program, which was a simple CGI script used to grab the parameters sent via a Web form and deliver them through an email...

Téo Adams | January 7th, 2009

A recent phishing scheme that targets users of Twitter (http://blog.twitter.com/2009/01/gone-phishing.html) may be related to a string of Web attacks against several high-profile celebrities and no doubt many other users. The most recent attacks apparently began when stolen credentials were distributed by a user on the Digital Gangster website. The noticeable result was a spontaneous defamation free-for-all, whereby the credentials were used to post humorous and sometimes vulgar messages on the compromised accounts. Some of the posts also redirected users to advertising websites.

This sort of activity is nothing new; however, it is interesting that the user gave out the credentials for free instead of selling them for a profit. As discussed in the recent Symantec ...