DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
August 27th, 2008
Call out a phisher, get attacked by malware
Users tired of phishing attacks who retaliate by talking back are being targeted with exploits designed to hijack their computers, a security researcher said today.
In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of a username or password, said Joe Stewart, director of malware research at SecureWorks Inc.
Users who know better than to divulge their online banking username and password in the forms linked from phishing e-mails, but who use words such as "phish" or a wide range of what Stewart called "bad language," are targeted for a follow-up malware attack.
"The phishers are looking for three things," said Stewart. "First, if you don't fill out the form completely, second, if you use the term 'phish.' And three, if you use any kind of bad language."
Although users who backtalk sidestep the identity theft, they may be at risk from the second-round attack, which is launched by a recent version of Neosploit, a well-known multi-exploit attack kit often used by hackers.
Users who have not kept Windows up to date, or applied patches for popular browser plug-ins, such as QuickTime and Flash, will be vulnerable to the Neosploit attacks, Stewart said.
More people than one would blast back at phishers in the log-in screens, Stewart said, noting that when SecureWorks locates data obtained by phishers, it often includes a "fair amount" of profanity and other uncomplimentary comments. "People think, 'While I'm at it, I might as well take some retaliatory action,'" said Stewart.
The Asprox botnet contains at least 50,000 compromised computers, maybe more, Stewart estimated.
"I can't recall seeing an attack quite like this before," he added.
Source: ComputerWorld
All news for December, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
