|
|
|
|
|
|
|
|||
|
|
|||
|
|
|
|
|
|
|
|||
|
|
|||
|
|
|||
|
||||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
Spoof frauds can be intertwined with phishing scams, spam emails and spyware, to make a deadly combination towards internet security. One example of this is from 16.8 2004 when Britain's top cybercrime fighters had their hands full from working with the banking industry to stop a vicious phishing attack.
"Spammed and spoofed emails contained details of a fictitious order for Web hosting or computer goods and thank the email recipient for a non-existent order. In addition, they also display the apparent cost that will be charged to their credit card.
“Further details” about the victims order could be accessed through links going to 'Trojan horse' websites in North America and China. "This is really vicious. It's just a normal phishing attack but something that tries to install backdoors on victims' PCs through a Trojan horse" said a National Hi-Tech Crime Unit spokes man.
The Mitglieder proxy Trojan downloader routine is capable of dropping a keystroke logging program onto vulnerable PCs. This exploit is possible because of well-known Windows security bugs, namely an MHTML URL vulnerability (MS04-013) and an ADODB.Stream vulnerability. Both of thses flaws can be fixed by the latest Internet Explorer megapatch (MS04-025).
If a machine becomes infected, the next time a customer uses their PC to access their own online banking site, the Trojan can potentially record their secret passwords and PINs used to log-on. This information is accessible to attackers thereby compromising the security of victim's online banking accounts. In addition, the Trojan surrenders control of the machine to attackers. It's unclear how many users have been hit by the attack. "
Source:
http://www.securityfocus.com/news/9326
From phishing scams back to phishing examples
From phishing scams back to phishing.info