Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living.
The Internet, in particular, means for us boundless opportunities in life and business ? but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.
Warning: There are Websites You'd Better Not Visit
Phishing websites
Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information.
At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.
Keyloggers and Trojans
Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.
It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.
Fraudulent websites are on the rise
Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.
A Hybrid Scam
In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website.
Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details.
This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).
As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order.
Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.
Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.
Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers.
When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data.
Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) ? so the information is captured even if the user doesn't type anything, just opens the views the file.
In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly.
What a user can do to avoid these sites?
As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.
Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse.
As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive.
As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.
Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more.
Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work.
Learn more -- visit the company's website http://www.anti-keyloggers.com
Hot Hardware
Hartford Courant, United States - Aug 29, 2008
New York Mellon disclosed in May that the security breach affected 497333 Connecticut residents, most of them depositors of People's United Bank in ...
Security breach at bank hits 12M people: BNY Mellon records could ... TMCnet
BNY Mellon Data Breach Potentially Massive InformationWeek
Bank of NY Mellon says data breach now affects 12M CNNMoney.com
Reuters - SC Magazine UKall 51 news articles
Kansas City Star, MO - 27 minutes ago
Operation Secure Magnolia is under way and Homeland Security Secretary Michael Chertoff, FEMA Administrator R. David Paulison and Mississippi Gov. ...
Homeland Security Chief Urges Disaster Preparations For Gustav WLOX
A Note I Sent to You -- Three Years Ago ...from Michael Moore Huffington Post
FEMA Prepares For Gustav WJTV
all 1,312 news articles
ChattahBox
Washington Post, United States - Aug 28, 2008
Security Flaw and repair date: A recently discovered security flaw will be fixed by September, Apple ( NSDQ: AAPL) told Macworld today. ...
Network Security Apple Won't Fix iPhone Passcode Hole Until September CIO Today
Apple promises September fix for iPhone security flaw Macworld
Apple To Fix iPhone Security Flaw In September Update ChattahBox
CRN - eFluxMediaall 127 news articles
MarketWatch - 15 hours ago
A new pre-security Houlihan's opened this week in the Lindbergh Terminal Ticketing Lobby, near Checkpoint 1. The full-service restaurant is accessible to ...
Calgary Herald
Xinhua, China - 4 hours ago
30 (Xinhua) -- The Hamas government in Gaza will evacuate al-Saraya, the main Gaza Strip security headquarters, within the coming weeks before the movement ...
Al Jazeera reporter release ordered Aljazeera.net
Egypt opens sealed Gaza crossing The Press Association
Palestinian police arrest 10 in Hamas mosque raids Khaleej Times
all 703 news articles
Variety
Rocky Mountain News, CO - 7 hours ago
"The Secret Service said yesterday that we have set the standard for how a convention, in terms of security, should be run," Katherine Archuleta, ...
Video: Getting into the Democratic Convention CSPAN
Cloud of security swirls around Obama Chicago Tribune
Security net drops on Denver for Democrat jamboree AFP
Dallas Morning News - CNNall 38 news articles
Canada.com
ZDNet UK, UK - Aug 28, 2008
... easy it was to break into the Nasa systems, or, to quote his dad when I spoke to them both outside the House of Lords in June -- "The security was crap. ...
Space station computer virus raises security concerns New Scientist (subscription)
The IT Security of the ISS Wired News
Ground Control To Major Tom: Check Your Laptop For Worms CRN
InternetNews.comall 218 news articles
KARE, MN - 13 hours ago
Such a room has been set up just 27 times since 1998 when President Clinton created a category known as 'National Special Security Events. ...
FBI outlines role during RNC Minneapolis Star Tribune
Secret Service Command Center Readies For GOP Convention CBS News
Inside US Secret Service's Republican Convention Command Center FOX 9 News
KAALtv.com - WCCOall 33 news articles
InternetNews.com - 17 hours ago
An Apple spokesperson told Reuters via e-mail that Apple was aware of the iPhone security flaw and is preparing a software update to fix the flaw, ...
Hold On To Your iPhones, Apple Says Fix On The Way CRN
IPhone security flaw allows bypassing of password San Francisco Chronicle
Security hole opens up password protected iPhones CNET News
eFluxMedia - VNUNet.comall 40 news articles
Los Angeles Times, CA - Aug 29, 2008
Two attackers wrested a handgun from a security guard at a Los Angeles bank Thursday, then fatally shot him with his own weapon, police said. ...
New info in security guard shooting case abc7.com
Bank Security Guard Shot, in Critical Condition After Robbery MyFox Los Angeles
Security Guard Shot Outside Bank Dies KTLA
Los Angeles Times - Los Angeles Timesall 6 news articles
Computer Viruses - How to Remove a Computer Virus from Your Computer
Computer viruses infect millions of computers every day. Viruses can destroy data, steal important information,... Read More
Spyware Symptoms
Spyware symptoms happen when your computer gets bogged down with spyware programs running in the... Read More
Is Spyware Watching You?
Imagine my surprise when I received a phone call from a friend who told me... Read More
How To Prevent Spyware Attacking Your Computer
Spyware is software or hardware installed on a computer without a user's knowledge. It gathers... Read More
Be Alert! Others Can Catch Your Money Easily!
So called phishers try to catch the information about the account numbers and passwords of... Read More
Its Time to Sing the Encryption Song - Again!
Yes, I'm wearing my encryption hat again. Why you may ask? Well I just finished... Read More
The One Critical Piece Of Free Software Thats Been Overlooked
Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work When You Switch Your Pc... Read More
A Painless Plagiarism Solution
A crowded marketplace can lead to unethical webmasters using underhand techniques to get ahead of... Read More
Technology and Techniques Used in Industrial Espionage
Industrial Espionage. These methodologies are being used on a daily basis by competitors maybe even... Read More
How to Fight Spyware
If you are wondering how to fight spyware for safe web surfing, this Internet privacy... Read More
Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that... Read More
How to Prevent Online Identity Theft
Identity theft rates one of the fastest growing crimes in... Read More
How to Know Whether an Email is a Fake or Not
A few nights ago I received an email from "2CO"... Read More
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living... Read More
7 Ways to Spot a PayPal Scam E-Mail
Paypal is a great site and is used by many... Read More
Internet Identity Theft - How You Can Shield Yourself
With the advent of the World Wide Web, a whole... Read More
Its War I Tell You!
There are ways to insure security though. You can get... Read More
Watching the Watchers: Detection and Removal of Spyware
If spyware were a person and he set himself up... Read More
Hacking Threats and Protective Security
The 1998 Data Protection Act was not an extension to,... Read More
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's... Read More
Internet Privacy
Over the past few years as the internet has become... Read More
Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders
Can you protect your computer from all possible viruses and... Read More
Click Here To Defeat Evil
Microsoft routinely releases new security updates, many of which are... Read More
What to Look for before You Purchase Spyware Software
Huge number of spyware software applications are available in the... Read More
Password Security and Safety
There is nothing more important that password security in world... Read More
Breaking Into Your PC: News...
You'd better learn news from media, not from emails, security... Read More
Reporting Internet Scams
When it comes to reporting Internet scams most of us... Read More
Message Board Security Problems
Security leaks can be a big problem for any site... Read More
Phishing
Recently I have received email from my bank/credit Card Company,... Read More
DOS Attacks: Instigation and Mitigation
During the release of a new software product specialized to... Read More
Burning Bridges is Bad, But Firewalls are Good
When you signed up for that ultra-fast DSL or Cable... Read More
Remove Rogue Desktop Icons Created By Spyware
If you have used a Windows machine for a while,... Read More
An Open Door To Your Home Wireless Internet Network Security?
This is not some new fangled techno-speak, it is a... Read More
Is Your Email Private? Part 1 of 3
In a word, no - an email message has always... Read More
Social Engineering - The Real E-Terrorism?
One evening, during the graveyard shift, an AOL technical support... Read More
Internet Security |