Governments' systems used to power phishing push
As US training firm aids penis pill purveyors
Agentless Backup is Not a Myth
Lax security controls are allowing conmen to host fraudulent websites on servers run by government organisations and private sector firms.
For example, Symantec has detected a number of phishing sites that have been hosted on government URLs over recent months. In June alone, fraudulent sites were identified on sites run by the governments of Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, the Ukraine, China, Brazil, Bosnia and Herzegovina, Colombia, and Malaysia.
The quantity of phishing sites hosted on government systems flies in the face of the perceived wisdom that government systems are more secure. Systems are often compromised by hackers who gain access via a backdoor, a vulnerable Web interface, or some other means. Hosting bogus sites on government systems can have a number of benefits for phishers, Symantec notes.
"Hosting a phishing Web page on a government site has a number of advantages for a phisher. Government Web sites often receive a high volume of traffic, so their servers can handle the extra traffic generated by a phishing site," writes Symantec researcher Nick Sullivan. "This extra traffic might not be noticed immediately, giving the phishing site a longer lifespan before it is detected and shut down. Perhaps most importantly, hosting a phishing site on an actual government URL gives the phishing site a sense of authenticity that’s hard to beat."
Private sector firms are also contributing to the problem. US distance learning firm New Horizon, which really ought to know better since it provides security training, left spamvertised pharmacy sites running on its systems for over a week even after we first notified it of problems. The issue was brought to our attention by anti-spam activist Roman Hnatiw who says that such problems are commonplace. A screenshot of the offending website captured by El Reg before the problem was put right can be found here. ®
COMMENTS
Re: the Ukraine?
http://www.m-w.com/dictionary/ukraine
"In the past Ukraine was frequently referred to as the Ukraine; however, since Ukraine declared independence in 1991, most newspapers and magazines have adopted the style of referring to Ukraine without the the, and this has become the more common styling."
Secure?
Are you kidding me? I expect to hear the DHS is hosting a Jihadi website and the FBI is handling kiddie porn. Meanwhile, the Saudi government will just host hard-core. Spammers get their venture capital from criminals, who hire cracers (not hackers) for more money than they can make at home. So they're one, maybe two steps away from the security geeks.
the Ukraine?
Is that the same sort of thing as the France and the Germany?
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
