Posts Tagged ‘malware’

Phishing Email

Phishing emails are crafted to look as if they’ve been sent from a legitimate organization. These emails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information. The perpetrators of phishing scams carefully craft the bogus web site to look like the real thing.

For instance, an email can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the email and complete an online form.

The email is sent as spam to tens of thousands of recipients, some (perhaps many) of whom are customers of the institution. Believing the email to be real, some of those recipients will click the link without noticing that it takes them to a web address that only resembles the institution’s. If the email is sent and viewed as HTML, the visible link text can show the institution’s own URL while the href coded in the HTML takes the user to the bogus site. For example:

visible link:

actual link to bogus site:

The bogus site will look astonishingly like the real thing, and will present an online form asking for information like your account number, your address, your online banking username and password—all the information an attacker needs to steal your identity and raid your bank account.

What to Look For

Bogus communications purporting to be from banks, credit card companies, and other financial institutions have been widely employed in phishing scams, as have emails from online auction and retail services. Carefully examine any email from your banks and other financial institutions. Most have instituted policies against asking for personal or account information in emails, so you should regard any email making such a request with extreme skepticism.

Phishing emails have also been disguised in a number of other ways. Some of the most common phishing emails include the following:

  1. fake communications from online payment and auction services, or from internet service providers – These emails claim there is a “problem” with your account and request that you access a (bogus) web page to provide personal and account information.
  2. fake accusation of violating the Patriot Act – This email purports to be from the Federal Deposit Insurance Corporation (FDIC). It says that the FDIC is refusing to insure your account because of “suspected violations of the USA Patriot Act.” It requests that you provide information through an online form to “verify your identity.” It’s really an attempt to steal your identity.
  3. fake communications from an IT department – These emails attempt to ferret out passwords and other information phishers can use to penetrate your organization’s networks and computers.
  4. low-tech versions of any of the above asking you to fax back information on a printed form you can download from a (bogus) web site.


Web threat delivery mechanisms

Web threats can be divided into two primary categories based on delivery method: push and pull. Push-based threats use spam, phishing, or other fraudulent means to lure a user to a malicious (often spoofed) Web site, which then harvests information and/or installs malware. To appear to come from a trusted source, push attacks rely on phishing, DNS poisoning (pharming), and similar techniques, and their creators have researched the target well enough to copy corporate logos, official Web site text, and other convincing details that increase the appearance of authenticity.

Precisely targeted push-based threats are often called “spear phishing” to reflect the focus of their data-gathering (“phishing”) attack. Spear phishing typically targets specific individuals and groups for financial gain. In November 2006, a medical center fell victim to a spear phishing attack: employees received an email telling them they had been laid off, with a link that claimed to lead to a career counseling site. Recipients who followed the link were infected with a keylogging Trojan. In other push-based threats, malware authors use social engineering such as enticing email subject lines that reference holidays, popular personalities, sports, pornography, world events, and other popular topics to persuade recipients to open the email and follow links to malicious sites or open attachments carrying malware that then reaches out to the Web.

Pull-based threats are often referred to as “drive-by” threats because they can hit any visitor to an affected page; no suspicious link has to be clicked. Pull threat developers compromise legitimate Web sites, which then unknowingly serve malware to visitors, or manipulate search results to steer users to malicious sites. When the page loads, a hidden HTML frame (IFRAME) injected into it silently pulls in attacker-controlled content that exploits the browser or a plugin and runs a malware downloader, with no user interaction. “Regardless of precautions” overstates it, though: the downloader only runs if the exploit finds a vulnerability, so a patched browser with plugins and scripts restricted is exposed to far fewer of these attacks than an unpatched one.
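The hidden-IFRAME injection just described leaves a recognizable trace in the page source, and checking your own site's pages for it is a cheap integrity control. The script below is an added example, not code from the original post: it parses an HTML page, records every iframe, and reports those the visitor could not see, either because the frame is zero- or one-pixel in size or because an inline style hides it. The sample page is constructed for the example, and the hiding heuristics (size at most 1 px, display:none, visibility:hidden, width/height of 0 in the style attribute) are assumptions chosen to match the pattern in the text, not an exhaustive list.

```python
"""Flag <iframe> elements that are hidden or effectively zero-size, the
injection pattern used by drive-by pages.  Added example; SAMPLE_PAGE is constructed."""
import re
from html.parser import HTMLParser

# Inline-style patterns that make a frame invisible to the visitor (assumed set).
_HIDING_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*0(?:px)?(?![\d.])",
    re.I,
)


def _tiny(value):
    """True if a width/height attribute is 0 or 1 pixel (e.g. '0', '1px')."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) <= 1


class _IframeCollector(HTMLParser):
    """Record the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})


def find_hidden_iframes(html):
    """Return [(src, [reasons])] for frames the visitor would not see."""
    parser = _IframeCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for attrs in parser.iframes:
        reasons = []
        if _tiny(attrs.get("width")) and _tiny(attrs.get("height")):
            reasons.append("zero-size")
        if _HIDING_STYLE.search(attrs.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            findings.append((attrs.get("src", ""), reasons))
    return findings


# Constructed sample: one legitimate embed and two injected loader frames.
SAMPLE_PAGE = """
<html><body>
<h1>Company news</h1>
<iframe src="https://video.example.com/embed/42" width="640" height="360"></iframe>
<p>Quarterly results are in.</p>
<iframe src="http://loader.example.net/in.php" width="0" height="0" frameborder="0"></iframe>
<div><iframe src="http://loader.example.org/x.html" style="visibility:hidden;width:1px"></iframe></div>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE_PAGE):
        print(f"{src}: {', '.join(reasons)}")
```

The visible 640x360 video embed is not reported; the two loader frames are, each with the reason it would be invisible. Run over a crawl of your own pages, a new finding that nobody deployed is a strong signal that the site has been compromised to serve a drive-by, and the src attribute tells you where the downloader is hosted.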

Both push- and pull-based Web threat variants target infection at a regional or local level (for example, via local-language sites aimed at particular demographics), rather than using the mass-infection technique of many earlier malware approaches. These threats typically travel over TCP port 80 (HTTP), which is almost always permitted outbound through firewalls so that employees can reach the information, communication, and productivity the Web affords; the malicious traffic therefore blends in with ordinary browsing.
