Phishing, Fraudulent and Malicious Websites
By Alexandra Gamanenko
Whether we like it or not, we are all living in the Information Age. We have
no choice but to adapt to rapidly developing information technology, no matter
who we are and what we do for a living.
The Internet, in particular, means boundless opportunities for us in life and
business, but also lots of dangers unheard of just a decade ago. We should be
aware of these dangers if we want to use the huge potential of the Internet and
avoid the hazards it brings us.
Warning: There are Websites You'd Better Not Visit
Phishing websites
Thanks to the authors of numerous articles on this topic, the "classic" phishing
technique is relatively well known. This scam involves setting up bogus websites
and luring people to visit them, as a rule, by links in emails. A phishing
website is disguised to look like a legitimate one -- that of a bank or a credit
card company -- and users are invited to provide their identifying information.
Sites of this kind are used solely to steal users' passwords, PINs, SSNs and
other confidential information.
At first phishing consisted only of a social engineering scam in which
phishers spammed consumer e-mail accounts with letters ostensibly from banks.
The more people became aware of the scam, the fewer spelling mistakes these
messages contained, and the more closely these fraudulent websites resembled
legitimate ones. Phishers are getting smarter. They eagerly learn; there is
enough money involved here to turn criminals into earnest students.
Keyloggers and Trojans
Since about November 2004 there have been a lot of publications about a scheme
which at first was seen as a new kind of phishing. This technique involves
infecting a PC with a Trojan horse program. The problem is that this Trojan
contains a keylogger which lurks in the background until the user of the
infected PC visits one of the specified websites. Then the keylogger comes to
life to do what it was created for -- to steal information.
It seems that this technique is actually a separate scam aimed at stealing
personal information, and such attacks are on the rise. Security vendor Symantec
warns about the commercialisation of malware -- cybercriminals prefer cash to
fun, so various kinds of information-stealing software are used more actively.
Fraudulent websites are on the rise
Websense Security Labs -- a well-known authority in information security --
noticed a dramatic rise in the number of fraudulent websites as far back as the
second half of 2004. These sites pose as e-commerce sites; they encourage users
to apply for a reward or purchase something, of course never delivering the
product or paying the money. The most popular areas for such fraud are online
pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will
be more fake merchants in the future and their scams will become more
sophisticated.
A Hybrid Scam
In April Panda Software warned Internet users of a new, particularly brazen scam
aimed at stealing confidential information. The technique used here looks like a
hybrid between phishing and a fraudulent website. Panda Software identified
several websites offering cheap airline tickets which in fact weren't selling
anything; the aim was to cheat users out of credit card details.
This scam is very simple; the thieves simply wait until some unsuspecting user
who is searching for, say, airline ticket offers, finds their site offering
dirt-cheap airline tickets. Really pleased with himself and looking forward to
the trip, the user fills in the form, entering his credit card number, expiry
date and verification value (CVV).
As soon as these details have been entered, an error page appears; it tells the
user that the transaction has been unsuccessful, and offers instructions on how
to pay for the ticket by postal money order. So the user may well be fooled
twice. He loses his credit card details, putting them right into the hands of
cyber-crooks, and then loses money if he decides to buy the ticket by money
order.
Of course, these sites have already been disabled, but who knows whether (or
better to say when) other ones will appear again, this time offering all kinds
of products.
Malicious websites are especially dangerous. Cybercriminals create them
exclusively to execute malicious code on the visitors' computers. Sometimes
hackers infect legitimate sites with malicious code.
Bad news for blog readers: blogs can be contaminated, too. Since January,
Websense Security Labs has discovered hundreds of these "toxic" blogs set up by
hackers.
When unsuspecting users visit malicious sites, various nasty applications are
downloaded and executed on their computers. Unfortunately, more and more often
these applications contain keyloggers -- software programs for intercepting
data.
Keyloggers, as is clear from the name of the program, log keystrokes -- but
that's not all. They capture everything the user is doing -- keystrokes, mouse
clicks, files opened and closed, sites visited. Slightly more sophisticated
programs of this kind also capture text from windows and take screenshots
(record everything displayed on the screen), so the information is captured even
if the user doesn't type anything and just opens and views the file.
In February and March 2005, Websense Security Labs researched and identified
about 8-10 new keylogger variants and more than 100 malicious websites hosting
these keyloggers EACH WEEK. From November 2004 through December 2004 these
figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious
websites per week. This is by all means a disturbing tendency -- the number of
brand-new keyloggers and malicious websites is growing, and growing rapidly.
What can a user do to avoid these sites?
As for phishing, the best advice is not to click any links in any email,
especially if it claims to be from a bank.
Opening an attachment of a spam message can also trigger the execution of a
malicious program, for example a keylogger or a keylogger-containing Trojan
horse.
As for fraudulent websites, maybe buying goods only from trusted vendors will
help -- even if it is a bit more expensive.
As for malicious websites... "Malicious websites that host adult entertainment
and shopping content can exploit Internet Explorer vulnerabilities to run code
remotely without user interaction." (a quote from Websense's report). What can a
user do about it? Not much, but avoiding adult sites and buying only from known
and trusted online stores will reduce the risk.
Hackers also attract traffic to malicious websites by sending a link through
spam or spim (the analog of spam for instant messaging (IM)). So the good advice
never to follow links in spam is worth remembering once more.
About the Author
Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an
independent software development company that provides various solutions for
information security. Learn more -- visit the company's website
www.anti-keyloggers.com