The Big Bald Blog More about Big Pappa Spend some money with Big Pappa Contact Baldy Get some Big Pappa Gear The Big Bald Blog

Tuesday, January 29, 2008

Hacking For Dummies

This post is being guest blogged by
computer engineer and published
author Steve Clark.

An interview with a pair of well-known security researchers uncovered an extraordinary view of the ecosystem that supports the phishing effort that plagues modern day financial institutions and their customers.

http://www.net-security.org/article.php?id=1110&p=1

"The reality is pre-made, ready-to-deploy, turnkey sites are already created for practically every major organization that you can think of.
All a phisher has to do is purchase the latest kit and deploy, no technical expertise or coding skills are really required. All the phisher typically has to do is place their email address into one line of code and they have a ready to deploy phishing site."

Once the 'turnkey' code has been modified with the correct email address, the whole site is simply uploaded to a compromised host on the internet.

Users receive an email that looks like it comes from a well known company (paypal.com for example) requesting the user to update their account status or whatever. Instead of going to the real website, the link leads them to the compromised website (which looks identical to the real one due to the turnkey phishing software that has become readily available), and are tricked into entering their account info which then gets emailed back to the hacker.

There are other ways to trick people going to the phishing sites that do not even involve sending emails, such as modifying the user's 'host' file located in C:\Windows\system32\drivers\etc. This is a fairly easy hack is possible to do through back doors or vulnerabilities in many peer-to-peer file sharing programs (used for sharing mp3's and avi's). Still other methods involve monitoring the user's internet port itself and intercepting and bypassing a user's DNS queries - what's known as a 'man-in-the-middle' type of attack.

The good news is that there are ways to protect yourself. Microsoft has even started adding support for phishing attacks in its latest internet explorer version 7.0.

Microsoft Phishing Filter

It is alarming to me the ease and relative lack of computer skill that is needed to create one of these phishing websites - as well as how hackers are trading around our 'private' information like some kind of commodity.

I guess the bottom line is be careful of where you are going on the internet, it might not be where you think you're going!

Thanks for the information Steve!

Labels: ,


Stumble This!   Digg This!

posted by Big Pappa @ 9:45 AM  1 Comments Links to this post


1 Comments:

At January 30, 2008 11:58 PM , Anonymous Mark said...

And to think what might have been had they only put their powers to good use. I'll never understand why someone would do something like this, and I mean other than trying to get money. Seriously, there are tons of other ways to get money, so why would someone feel the need to resort to such a tactic is beyond me.

Good post!

 

Post a Comment

Links to this post:

Create a Link

<< Home

Our Sponsors

Disaster recovery, online file storage and remote backup

Free postcard promotion

Subscribe With:

Add to Google Reader or Homepage Subscribe with Yahoo Subscribe in NewsGator Online
Add to My AOL