Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Fly Phishing... for "enhanced safety"


  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 25 April 2008 - 02:30 PM

FYI...

- http://www.f-secure....s/00001428.html
April 25, 2008 - "Some phishing gangs have a new technique. They're using trojan-spy applications... the message doesn't mention anything about providing an account-name or password. Instead, it attempts to convince the recipient that they need to install a Digital Certificate for enhanced safety. (Anybody want to buy a bridge?)... It's basically a page full of jargon designed to overwhelm the potential victim. What happens if the victim falls for the bait and installs the "certificate"? A trojan-spy will be installed. So now the phishers don't need to ask for passwords anymore, they can just take them. This technique keeps the classic element of phishing by mimicking the trusted institution — the bank. What they've adjusted is the part that people have become skeptical of, which is giving away their password when requested by e-mail."

(Screenshots available at the URL above.)

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 30 April 2008 - 07:37 AM

More...

- http://www.darkreadi...o...&print=true
APRIL 28, 2008 - "...Both Trend Micro* and F-Secure** over the past few days spotted new iterations of the attack, which was first reported by RSA last week. The latest tack is phishing emails posing as Comerica Bank and Colonial Bank that ask banking customers to renew their digital certificates. When they click on the link for more information on the phony renewal process, it downloads the nasty Trojan onto their desktops... the Rock Phish group also has been coming out with different versions of the malware each day to try to fly under the radar. It changes the “packer,” encoding, and other characteristics to evade antivirus detection... advice to end users...: be aware that your bank will never send you anything to download, not even a digital certificate, so don’t fall for one of these emails..."

* http://blog.trendmic...l-certificates/

** http://www.f-secure....s/00001428.html

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users