Feeds

Phishers use less strident subject lines to deliver new cunning attacks

'SECURITY ALERT' wasn't: 'Statement available' is

SANS - Survey on application security programs

The use of exploit kits is allowing phishing fraudsters to develop scams that only rely on tricking prospective marks into clicking a link, rather than submitting all their details to a bogus website.

Many recent phishing runs spotted by Trend Micro have made use of the notorious Blackhole Exploit kit. The hacker favourite is used to automate the process of mounting drive-by-download style attacks from compromised (often legitimate) websites. Blackhole preys on browser exploits, Adobe software bugs and most recently the latest Java vulnerabilities, a particular successful strategy since third-party software frequently goes without updates.

By using the exploit kit in phishing emails, cybercrooks move away from the tricky process of coaxing marks into submitting data to bogus websites, traditionally pulled off using a bogus security alert from their bank as a lure, to simply tricking users to open an email and click a link.

The shift means that the subject matter and tone of phishing emails is changing. In addition, the traditional security advice about phishing emails is becoming out-dated, Trend warns.

Phishing messages of yesterday typically screamed "security alert", while modern messages are more subtle and feature subject lines such as "Your statement is available online", "Incoming payment received" and "Password reset notification".

"In many cases these messages are identical to the legitimate messages sent by the legitimate organisation," Trend Micro warns. "Sometimes, the only difference between the legitimate version of the email and the phished version is the bad link".

The use of banking Trojans, spread using exploits and vulnerabilities, such as ZeuS and Cridex has been going on for years. Banking trojans developed using cybercrime toolkits look for activity such as logins to financial websites. As well as appearing on compromised legitimate website surfers are getting exposed to exploit toolkits via their in-boxes, thanks to a shift in tactics by e-banking fraudsters.

Trend's research, published on Thursday, documents changing tactics for spreading banking trojans as well as explaining how standard anti-phishing advice is no longer valid, a factor that make its white-paper Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs (PDF) worth reviewing.

Trend looked at more than 200 separate spam runs featuring in excess of 40 organisations during Q2 2012. The spam campaigns claim to be from legitimate companies such as Intuit, LinkedIn, the US Postal Service (USPS), US Airways, Facebook, and PayPal, among others. Compromised sites were used and reused from one attack to another. Exploit methods were the same and the botnet networks used in many cases were also similar. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.