Security Response
Showing posts tagged with Online Fraud
Sai Narayan Nambiar | 23 Dec 2008 21:00:55 GMT | 0 comments

There are varying types of technologies used by online attackers these days. There are old tricks and of course new ones, but it is the newer ones that make it even more difficult to handle the dilemmas faced in the world of Internet security. One of the trends of attack that was noticed a little while ago was an attack based on a website’s “port number.” A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. We can identify a port number after a colon (“:”) following the host name. For example, consider, in which the port number in the URL is 8080.

According to the IANA (Internet Assigned Numbers Authority), the port numbers are divided into three ranges: well known ports, registered ports and the dynamic and/or private ports.

1.    The...

Mathew Maniyara | 12 Dec 2008 17:47:58 GMT | 0 comments

What is an IDN? IDN stands for “internationalized domain name.” These are the domain names that contain one or more characters that do not belong to a Latin-based western language (or characters that are not available in the ASCII character set).

Domain Name System or DNS (a naming system that links domain names to IP addresses) has the technical support for these IDNs, but many applications such as Web browsers, email services, etc. are not yet able to support them. Such compatibility issues arising from IDNs necessitated a conversion from an international character to a suitable ASCII character. The conversion is achieved by the use of certain algorithms that convert these characters into a code called Punycode. A Punycode contains ASCII characters prefixed with the string “xn--”.

The following is an example of a Chinese domain converted to its Punycode:

Domain name -  例如.com


Antonio Forzieri | 27 Oct 2008 18:01:57 GMT | 0 comments

My previous blog article was intended to highlight two new features observed in a number of phishing kits that held the aim of making the lives of security analysts more difficult. I want to now focus my attention on another trick that has been used in phishing kits in order to protect the attack against a technique called "dilution." Dilution is a method of providing a certain amount of false credentials, names, account numbers, and other personal information to a phishing website. With this technique, real credentials are diluted in a sea of false data, making the fraudster's job harder.

There are several different kinds of dilution strategies, classified by the type of data provided to the phishing site:

•    Random Data: a large amount of random unformatted data is submitted. This strategy attempts to fill up the collection point, but has a drawback in that the...

Kelly Conley | 21 Oct 2008 23:37:52 GMT | 0 comments

Phishing is a way for individuals who are known as "phishers" to obtain your private information such as bank account details and passwords. Phishing messages come in the form of an email message that is directed to you and appears to be from a reputable company or business, often one that you have an association with and trust. But it is not. The message will tell you to confirm your bank details, password, or login credentials or "your account may be closed." You are then directed to click on a link in the email to take you to a website to enter the requested details. By employing scare tactics such as the threat of account closure, phishers are hoping to lure you into their trap.

Once you click the link you are taken to a website that looks like the real website of the company the email is purporting to be from. But it is not. You enter your details and the phishers now have the information they need to steal your identity. What just...

Antonio Forzieri | 30 Sep 2008 17:49:01 GMT | 0 comments

A "phishing kit" is a small piece of software usually written in PHP, HTML, and JavaScript that mimics legitimate portals (for example, financial institution websites) in order to acquire sensitive information such as usernames, passwords, and credit card details. The phishing kits of the first generation were quite simple; the fraudster would build a login page to collect stolen information on local files, saved on the compromised web servers. As shown in the picture below, after the credentials have been saved, users are redirected to the legitimate website.

This approach has an obvious drawback: if the directory-listing feature is enabled on the web server, other Internet users (including the compromised financial institutions) would be able to read those files. The countermeasure that was adopted by the fraudsters was the usage of "drop-...

Davide Veneziano | 29 Sep 2008 23:22:15 GMT | 0 comments

The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Then, mass mailing activities, with the aim of reaching a large number of recipients, are accomplished. Finally, the fraudsters use social engineering techniques to entice victims to submit their credentials, from which the fraudsters attempt to derive valid credentials. This will only happen if the fraudsters are able to convince users that they should trust the phishing website, or at least be tricked into believing it is a legitimate site and not raise any suspicion. Of course, this is not always a painless task.

Symantec has carried out several forensics analyses in order to evaluate the distribution of phished users over the different phases described above. Specifically, I want to focus my attention on the portion of users submitting...

Hon Lau | 19 Aug 2008 15:58:50 GMT | 0 comments

Back in the 90's, Jamiroquai had a hit album named "Travelling without Moving." The title gives an apt description of some of the fantastic things that you can now do on the Internet. For example, we can now literally travel the world without moving beyond the comfort of the armchair. Applications such as Google Earth and Google Maps (with its Street View feature) enable anybody with a decent Internet connection to literally drop in to virtually any location on this planet.

These applications are great for planning visits: you can see exactly how far your hotel is from the train station, where there is parking, or even plot your full itinerary. You can also use these applications to get a feel for an area before you go there; for example, if you were visiting an unfamiliar area it's really useful to see what the building or location you are going to actually looks like before you get there. Addresses are sometimes hard to recognize and as the saying goes, a...

Hon Lau | 04 Aug 2008 18:19:56 GMT | 0 comments

A timely warning to those wishing to purchase last-minute tickets for the Beijing Olympic Games of 2008 to beware of scams and rip-offs. There are some fake but very well-crafted ticketing Web sites that have been duping unsuspecting members of the public out of their hard-earned cash by posing as legitimate suppliers for Olympic events. In particular, one such scam site ( and its mirror site has, according to media reports, already ripped off many individuals, some to the tune of US $57,000.

This scam site claims to be able to source tickets for sold out sporting events, playing on the fact that many Olympic event tickets are already sold out due to huge demand. I checked out the site today and found that tickets for the opening ceremony (which were sold out some time ago) are still...

Ben Nahorney | 23 May 2008 11:43:40 GMT | 0 comments

We’ve all done foolish things for romance. The exhilaration of discovering a new partner is one of the more exciting feelings in the human experience. However, this flutter of emotions can also drive us to distraction—so much so that reason and logic are often thrown out at its height.

It seems the online scammers of the world have realized this, if phony romance scams are any testament. Such “phomance” scams can sometimes go on for months, as the scammer slowly wins over the victim’s trust. These schemes generally lead to a request for money, under the guise that the scammer plans to visit. Ultimately, the meeting never occurs, the money is gone, and the victim is quite possibly left with nothing but a broken heart.

Fortunately many such scammers aren’t clever enough to achieve this final result, often giving away clear indications that they aren’t who they say they are. But by keeping an eye out for a few telltale signs, it...

Zulfikar Ramzan | 21 Apr 2008 23:53:38 GMT | 0 comments

On the eve of the much anticipated Pennsylvania Democratic Primary, we received public reports of a series of cross-site scripting vulnerabilities that affected Barack Obama's campaign Web site. We also saw reports of these vulnerabilities being disclosed publicly on the Web site. The corresponding code to exploit the vulnerabilities was used to redirect users to Hillary Clinton’s Web site.

Who says attackers don’t have a sense of humor? While a couple of these vulnerabilities were shored up before we could investigate them, we were able to examine some for validity.

At a high level, what appears to have happened is that an attacker took advantage of the fact that certain parts of the Obama campaign site allow users to post content, for example, in the form of community blog postings. While most users take advantage of such features to post political commentary, at least one user decided to try posting something more insidious.

Here’s how such...