31 March, 2005

Phishers change bait as IM use grows -ZdNet:
Previous phishing attacks were based around luring a user to perform an action through social engineering, primarily through spoofed e-mail and Web sites. The use of IM to spoof companies and phish for information is becoming more frequent.

Yahoo last week confirmed that users of its Messenger software were being targeted by this type of attack. According to the search giant, attackers are sending members a message containing a link to a fake Web site. The fake site, which looks like an official Yahoo site, asks the user to log in by entering their Yahoo ID and password. The scam was more realistic because the incoming message appeared to originate from someone on the victim's contact list.

Phishing without a lure is now becoming more prevalent among attack styles. The most common is malicious code which either modifies your host's file to point commonly accessed sites to the fraudulent site. DNS cache poisoning is also an alternative means that can be used to resolve information to non-legitimate Web sites. The simplest form of cache poisoning is simply sending fake answers to someone's DNS server.

Check out this site for a funny analogy to cache poisoning.

1 comment:

county internet marketing orange said...

Found your blog while surfing, great info...would you like to visit my blog as well?
free lead mlm Please Disregard the title it's on my product web site.