South Africa nasty phishing scheme, with Outlook phishing kit

Phishers have now added Outlook to their phishing kit of tools for scamming victims on the Internet. Unlike the familiar emails that try to trick people into filling out their bank login information on a scammer's site, phishers are now developing trojan spyware / viruses which don't even require you to open the email.

Attacking vulnerable computers that lack the security update patches, the virus exploits an ActiveX control to run a script. The script rewrites the computer's HOSTS file, causing all connections to certain Brazilian banks to be redirected to the scammer's site. Unfortunately, Outlook and Outlook Express have the preview pane enabled by default, so the script executes as soon as you click on the email. You don't have to open it for it to execute!

This is deliberately thought out by the phishers and used as a tool in their phishing kit. Attempting to delete the email in Outlook / Outlook Express will cause the script to be activated!

Similar phishing attacks are expected against European and North American banks. Anti-Phishing.info strongly recommends turning off the preview pane in Outlook / Outlook Express, or changing to a different email program, as an anti-phishing countermeasure.

Rewriting the HOSTS file has been seen before in spyware programs, which operate using the same phishing kit tool, Outlook. Spyware usually hijacks your start page or redirects you to sites of its choosing. However, once mass-spammed emails contain spyware / virus trojans that aim to phish banking logon information, the attack can be categorized as phishing. In general, phishing articles show an intertwined connection between spyware, viruses, trojans, spamming and phishing, with diminishing borderlines between them.

 

Spyware resembling the new Outlook phishing toolkit trojan

 

The Xrenoder trojan spyware resets your homepage and / or your search settings to point to other sites, usually for commercial purposes or porn traffic. For information about how to remove or uninstall the Xrenoder trojan, go to spyware-removal.com

The Cpanel google is a trojan spyware which changes the DNS entry in your HOSTS file to point to its own site. If Google gets redirected, there is a chance you have a version of this hijacker. To delete and remove Cpanel spyware / adware free, visit spyware-removal.com
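
Both the Outlook trojan and the Cpanel hijacker described above work by adding entries to the HOSTS file, so the file itself can be checked for them. The following is an added example, not code from this site or from any tool named here: the watch list, the sample file contents and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed watch list (assumption): names whose resolution should never
# be overridden locally, e.g. your bank and your search engine.
WATCHED = {"bank.example", "search.example"}

# Constructed sample HOSTS content; the addresses are documentation ranges.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.bank.example bank.example   # injected entry
198.51.100.7\tSEARCH.example
0.0.0.0         ads.tracker.example
not-an-ip       login.bank.example
192.0.2.5       notbank.example
"""

def is_watched(host, watched):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, verdict) for every watched name."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on spaces/tabs
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
            local = ip.is_loopback or ip.is_unspecified
            verdict = "local-override" if local else "redirect"
        except ValueError:
            verdict = "malformed"  # not a valid address, still worth reporting
        for name in names:
            if is_watched(name, watched):
                findings.append((line_no, name.lower(), address, verdict))
    return findings

if __name__ == "__main__":
    # On current Windows versions the real file is
    # %SystemRoot%\System32\drivers\etc\hosts
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

A "redirect" verdict means a watched name is pinned to a non-local address, which is the pattern the script in the email produces for the targeted banks.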

 
