Re: Discovering and Stopping Phishing/Scam Attacks

From: Lode Vermeiren (lode_at_linu.cx)
Date: 04/26/05

Next message: matt.neeley_at_familyfeaturedproducts.com: "RE: Discovering and Stopping Phishing/Scam Attacks"

Previous message: Randy: "Re: Discovering and Stopping Phishing/Scam Attacks"
In reply to: Randy: "Re: Discovering and Stopping Phishing/Scam Attacks"
Next in thread: matt.neeley_at_familyfeaturedproducts.com: "RE: Discovering and Stopping Phishing/Scam Attacks"
Reply: matt.neeley_at_familyfeaturedproducts.com: "RE: Discovering and Stopping Phishing/Scam Attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: bugtraq@securityfocus.com, incidents@securityfocus.com, Randy <rho@clunet.edu>
Date: Tue, 26 Apr 2005 22:51:21 +0200

On Tue, 26 Apr 2005 steven@lovebug.org wrote:
> > As we have all noticed, there has increase in the number of phishing/scam
> > attempts via e-mail that appear to be legitimate. Most of

> > and e-mails do not host their own images. From what I have seen, more
> > often than not, these e-mails and websites link directly to images hosted
> > by the legitimate website.

> > Since they are linking to the images hosted on the site they are cloning
> > -- the banking/e-commerce website could just rename their images on
> > their own webpage every so often (and update their webpages accordingly).

Op di, 26-04-2005 te 13:13 -0700, schreef Randy:
> Seems like a maintenance nightmare waiting to happen.
>
> ~randy

Renaming the files would indeed be a maintenance nightmare, but I don't
see a reason why the webserver hosting the image can't do a referrer
check, and only serve the real images if they are being loaded from the
real domain. In all other cases they could return a "THIS IS A FAKE
PAGE" image, or perhaps even some shock site[1]

Lode

[1] please don't follow any of the links on
http://en.wikipedia.org/wiki/Shock_site
You have been warned.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

Next message: matt.neeley_at_familyfeaturedproducts.com: "RE: Discovering and Stopping Phishing/Scam Attacks"

Previous message: Randy: "Re: Discovering and Stopping Phishing/Scam Attacks"
In reply to: Randy: "Re: Discovering and Stopping Phishing/Scam Attacks"
Next in thread: matt.neeley_at_familyfeaturedproducts.com: "RE: Discovering and Stopping Phishing/Scam Attacks"
Reply: matt.neeley_at_familyfeaturedproducts.com: "RE: Discovering and Stopping Phishing/Scam Attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]