In addition to targeting malware, we're interested in combating phishing, a social engineering attack where criminals attempt to lure unsuspecting web surfers into logging into a fake website that looks like a real website, such as eBay, E-gold or an online bank. Following a successful attack, phishers can steal money out of the victims' accounts or take their identities. To protect our users against phishing, we publish a blacklist of known phishing sites. This blacklist is the basis for the anti-phishing features in the latest versions of Firefox and Google Desktop. Although blacklists are necessarily a step behind as phishers move their phishing pages around, blacklists have proved to be reasonably effective.
Not all phishing attacks target sites with obvious financial value. Beginning in mid-March, we detected a five-fold increase in overall phishing page views. It turned out that the phishing pages generating 95% of the new phishing traffic targeted MySpace, the popular social networking site. While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack. We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue. According to this interview with a phisher, phishers also logged in to the email accounts of the profile owners to harvest financial account information. In any case, phishing MySpace became profitable enough (more than phishing more traditional targets) that many of the active phishers began targeting it.
Interestingly, the attack vector for this new attack appeared to be MySpace itself, rather than the usual email spam. To observe the phishers' actions, we fed them the login information for a dummy MySpace account. We saw that when phishers compromised a MySpace account, they added links to their phishing page on the stolen profile, which would in turn result in additional users getting compromised. Using a quirk of the CSS supported in MySpace profiles, the phishers injected these links invisibly as see-through images covering compromised profiles. Clicking anywhere on an infected profile, including on links that appeared normal, redirected the user to a phishing page. Here's a sample of some CSS code injected into the "About Me" section of an affected profile:
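As an added example (not the blog post's missing CSS sample, and not MySpace's own filter), a server-side heuristic a profile service could run on user-supplied CSS at save time: it flags rules that take an element out of normal flow and size it to cover the whole page, the pattern described above. SAMPLE_CSS and its selector names are constructed for the example.

```python
import re

# Constructed sample of user-supplied profile CSS (not the blog post's missing
# sample): one rule positions an element absolutely and sizes it to the whole page.
SAMPLE_CSS = """
a.plain { color: blue; }
a img.cover { position: absolute; top: 0px; left: 0px; width: 100%; height: 100%; z-index: 99; }
div.banner { width: 100%; height: 60px; }
"""

RULE_RE = re.compile(r"([^{}]+)\{([^{}]*)\}", re.S)


def parse_rules(css):
    """Return (selector, {property: value}) pairs from a flat stylesheet (no @media nesting)."""
    rules = []
    for selector, body in RULE_RE.findall(css):
        decls = {}
        for decl in body.split(";"):
            prop, sep, value = decl.partition(":")
            if sep:
                decls[prop.strip().lower()] = value.strip().lower()
        rules.append((selector.strip(), decls))
    return rules


def covers_page(value):
    """True for a width/height value that would stretch an element across the page."""
    if value == "100%":
        return True
    m = re.fullmatch(r"(\d+)px", value)
    return bool(m and int(m.group(1)) >= 2000)  # wider than any 2007 screen


def is_overlay_rule(decls):
    """A rule taken out of normal flow and sized to cover the page can sit on top of
    every other link, so a click anywhere on the profile lands on it."""
    positioned = decls.get("position") in ("absolute", "fixed")
    full_size = covers_page(decls.get("width", "")) and covers_page(decls.get("height", ""))
    return positioned and full_size


def find_overlay_selectors(css):
    """Selectors a profile service would reject or hold for review."""
    return [sel for sel, decls in parse_rules(css) if is_overlay_rule(decls)]
```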
"On April 19, MySpace updated their server software so that they could disable bad links in users' profiles without requiring any user action or altering any other profile content. Overnight, overall phishing traffic dropped by a factor of five back to the levels observed in early March."

^^^ Couple problems with that bit of info...

1. The solution from MarkMonitor they implemented wasn't retroactive. Only new links posted are being passed through that filter.
2. Said filter has yet to make it to links on actual profile pages. It's just being used in the profile comments section at the moment.
3. This filter has very little to do with the drop in MySpace phishing right now. The captcha added to the profile edit screen has had the biggest effect for sure.

/phishing is still a massively insane problem on there.
Back in early March, I was a victim of one of these phishing attacks on Myspace when I visited the profile of someone on my friends list. It's incredibly easy to fall victim to this attack. All I did was click the "Home" link on the profile of this person. All of a sudden, I get the Myspace homepage with a login box that appeared legitimate. Unfortunately, it took a few clicks before I realized what happened. Talk about a pain! Luckily I was able to change my password before any damage was done. The only problem is changing passwords on dozens of sites because you can't tell what was or wasn't compromised.

I have a number of accounts that send passwords in plain text via email. I knew that they could easily get my Gmail address from Myspace. Then using Gmail it would be easy to search these emails out. With a bit of guessing, they might be able to figure out ways to get into more critical accounts. All it takes is one account and who knows what else it might lead to? How many people use more than one password or pin #? I think the sophistication of the attack I experienced was only the tip of the iceberg. I can imagine much nastier scenarios taking place.

I immediately contacted Myspace... and I'm saddened by their slow response. The particular page that was compromised receives high traffic. I have no idea how other profiles were hijacked as a result of their slow response.
Users of MySpace or similar services are usually ordinary computer users who neither know about nor fully understand these serious computer security issues and problems. On top of that, they have no means of fighting them.

After reading this whole article, the one thing that becomes clear is that it is the Internet application service providers themselves who will have to take firm measures to protect their users from such phishing attacks. Only then will things work out. For an ordinary user, talking about fighting sophisticated phishers is meaningless!
Just as an update to my previous comment... Here's an excerpt from an announcement Tom posted on MySpace a few minutes ago:

"Tonight we started using msplinks on profiles, just like we've been using them in comments. Whenever you save a url in your myspace page, we convert it to an msplinks url. This allows us to easily and instantly disable links sitewide. If a phishing link gets out into common use, we can turn it off instantly."

Can I have a cookie now? :P
Another update, this one is from the Whoops Department...

Correction: MarkMonitor is not involved in the MSPLinks service, but is the domain registrar used by MySpace for domains including msplinks.com. The rest of my comments are factually correct.

P.S. Try to post a link on MySpace to this blog entry for some major LOLz. It's filtered as if it's spam or a spoof login page. I'm sure they'll fix that after reading this though. /other innocent urls won't be as lucky.
Hi, I just received this very dodgy email:

G MAI L BETA VERIFY YOUR FREE G MAI L ACCOUNT NOW !!! Dear G ma il Account Owner, This message is from Gmail messaging center to all Gmail free account owners and premium account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused Gmail account to create more space for new accounts. To prevent your email account from closing you will need to update so as to validate our user email database. CONFIRM YOUR IDENTITY BELOW * Gma il! ID : .......... * Password : ........... * Date of Birth : ...... * Country or Territory : ........... Enter the letter from the Security Image : ........ 859304 Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently. Thank you for using Gmail ! Warning Code:VX2G99AAJ Thanks, The Gmail Team G MAI L BETA

which I'm ignoring but are there any official Google comments?

ADG
To whom it may concern,

Dear Google,

I've signed up for Gmail since December 25, 2006 (on a different username). But I keep seeing the year 2007 below the Gmail interface. Everybody knows it's year 2008 now. Have I logged on to a fake site? Was I phished or pharmed? Or was my HOSTS file poisoned? What else could have happened to my computer?

Sorry for bothering you,
a Computer Internet Newbie
Our guess is myspace will come out, eventually, with their own tool allowing companies to do a better job of tracking their individual sites. They will probably work with someone like google or awstats to provide this free of charge.

One easy thing you can do is simply use your myspace page as a landing page. Then have it directly link to your real site. You would then be able to track (on your real site) how many users came from myspace.

In the meantime there are tracking tools available. Just google "myspace tracking hits" to find a few of them.

http://www.mbridge.com
Every cybercitizen should be responsible and protect their private information. Visit http://www.onlinesecurityauthority.com for the Authority for Online Security for our future.