Friday, May 27, 2005
Phishing twist relies on bogus blogs
It appears that even something as innocent as a blog can in fact (phact?) be a ''malicious virus writer's attempt to phish'' - and you are the prized catch he's after!!! Yikes. If, in this day and age, one is not safe even in the supposed-to-be innocuous surroundings of a BLOG... where can one be truly 100% safe anymore?!?
Online or offline...! Huh? HUH? *lol*
Rest assured though, faithful readers, that on the luminous blog there is nothing phishy going on - at all... ever! No phishing allowed on luminous land - except that of souls mayhaps...! ;)
Last modified: April 12, 2005, 8:27 AM PDT
By Dawn Kawamoto
Staff Writer, CNET News.com
A new form of phishing is taking shape and riding on the growing popularity of blogs, security company Websense said Tuesday.
Malicious virus writers are attempting to lure people to malicious blogs using enticing e-mails and instant messages, according to a new report from Websense. Once a person arrives at the blog, which can be posted on a legitimate host site, the victim's computer becomes infected with software designed to steal sensitive information, such as passwords and bank account information.
"These aren't the kind of blog Web sites that someone would stumble upon and infect their machine accidentally," Dan Hubbard, Websense senior director of security and technology research, said in a statement. "The success of these attacks relies upon a certain level of social engineering to persuade the individual to click on the link."
In the past four months, Websense has detected hundreds of cases where blogs were used to store malicious code and infect users' computers. Malicious virus writers are attracted to blogs not only because the medium's popularity is growing, but also because of the free storage often provided by the host site and the lack of antivirus protection provided for these posted files.
Websense said that as of Tuesday, there are 210 active bogus blogs. The company also notes that the average lifespan of one of these blogs is three or four days.
In one recent case, Websense found a spoofed e-mail that tried to lure people to a malicious blog that would run a Trojan horse. The e-mail looked like it came from a popular instant-messaging service, and it tried to entice the recipient to click on a link to get a new version of its IM program. But when people clicked on the link, it directed them to a blog that hosted keystroke-logging software to steal their passwords when they accessed certain online banking sites.
The use of blogs is just the latest twist on phishing techniques. Other phishing offshoots include cross-site scripting and DNS poisoning.
eBay scrambles to fix phishing bug
March 4, 2005
Finding a replacement for passwords
February 23, 2005
Vigilantes launch attack on scam sites
Find those stories on... CNET News.com
That is scary! That makes me warry of going out and looking at unknown blogs! I think my computer is pretty well protected, but I wouldn't want to test it!
Thanks so much for warning us about this!
Phishing in Yahoo Messenger!
I wonder if I should start using MSN messenger for a while until Yahoo Messenger gets some security walls for this?