Three Phishing Stories
Millions and Millions of Emailed Trojans
In late Febuary 2006 several million copies of a Trojan horse was emailed in a phishing expedition targeting PayPal users. BlackSpider Technologies said it had already found and stopped 3.2 million of them and reported that it took 52 hours for the first vendor to update its program. This Trojan has "Notification: Your Account Temporally Limited," in the subject line. As in phishing emails from the past, there is a typo problem here, "Temporarily" is misspelled as "Temporally."
Using a typical "alarm" the message tells the reader that there has been unusual activity in their account. If they then open the attached file, the Trojan, Clagger.h, installs itself. Clagger.h not only monitors any usernames and passwords, but it leaves a "backdoor" open so that the perpetrator can come back and install more malicious code later.
Email from a Friendly Source
When you receive email from an unknown person, red flags are raised and you may delete it, unread, or proceed cautiously. But when you receive email from a friend, this is a good thing. You tend to open and read them. But now the spear phishers are targeting social web sites like myspace.com and facebook.com. It is easy to identify a friend of someone, spoof a sending email address and ship out keyloggers, Trojans and virus files to the email addresses readily available.
It is important to be cautious when putting email addresses in the open. To thwart some automated systems users may add text which another person would know to remove from the email address, such as "andyz(removethis)@bankersonline.com."
Seasonal Phish
It is tax time. Current trends show more fraudsters are impersonating the IRS, says Alfred Huger, senior director at Symantec Security Response. They have documented 50 instances of this already. Any taxpayer waiting on their refund, or the possibility of one, would certainly be interested in an email from "tax-refunds@irs.gov" telling them that they're eligible to receive a tax refund for a given amount. To receive this they must click a link to a web site that will ask for their private information. Certainly the site is a spoof and the IRS does not offer refunds in this manner. The IRS notified the public about this last November in IR-2005-136. But it may seem more important now.
In late Febuary 2006 several million copies of a Trojan horse was emailed in a phishing expedition targeting PayPal users. BlackSpider Technologies said it had already found and stopped 3.2 million of them and reported that it took 52 hours for the first vendor to update its program. This Trojan has "Notification: Your Account Temporally Limited," in the subject line. As in phishing emails from the past, there is a typo problem here, "Temporarily" is misspelled as "Temporally."
Using a typical "alarm" the message tells the reader that there has been unusual activity in their account. If they then open the attached file, the Trojan, Clagger.h, installs itself. Clagger.h not only monitors any usernames and passwords, but it leaves a "backdoor" open so that the perpetrator can come back and install more malicious code later.
Email from a Friendly Source
When you receive email from an unknown person, red flags are raised and you may delete it, unread, or proceed cautiously. But when you receive email from a friend, this is a good thing. You tend to open and read them. But now the spear phishers are targeting social web sites like myspace.com and facebook.com. It is easy to identify a friend of someone, spoof a sending email address and ship out keyloggers, Trojans and virus files to the email addresses readily available.
It is important to be cautious when putting email addresses in the open. To thwart some automated systems users may add text which another person would know to remove from the email address, such as "andyz(removethis)@bankersonline.com."
Seasonal Phish
It is tax time. Current trends show more fraudsters are impersonating the IRS, says Alfred Huger, senior director at Symantec Security Response. They have documented 50 instances of this already. Any taxpayer waiting on their refund, or the possibility of one, would certainly be interested in an email from "tax-refunds@irs.gov" telling them that they're eligible to receive a tax refund for a given amount. To receive this they must click a link to a web site that will ask for their private information. Certainly the site is a spoof and the IRS does not offer refunds in this manner. The IRS notified the public about this last November in IR-2005-136. But it may seem more important now.
posted by Andy at
1:20 PM
0 Comments:
Post a Comment
<< Home