|
|
|
Study: Phishers Get More Sophisticated
By: Matthew Broersma
2005-05-20
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Researchers from the Honeynet Project find that phishers are using increasingly sophisticated techniques such as botnets to carry out their attacks, and that a large numbers of users are still falling for the scams.A technical study of phishing techniques published this week by the Honeynet Project has found that large numbers of users are still being readily tricked into visiting fake sites designed to harvest banking and financial details, despite massive efforts to educate consumers.
The study found that, far from being carried out by isolated hackers, such scams appear to be the work of highly organized groups employing huge networks of compromised systems—called botnets—and using increasingly sophisticated techniques.
Phishing is a type of online scam that attempts to collect information such as credit card and bank account details by luring users to malicious Web sites counterfeiting those of well-known, trusted institutions. Popular targets include major banks and e-commerce sites such as eBay or PayPal. Users are typically lured to the sites via authentic-looking e-mails that appear as if they come from the institution; these are sent out in bulk from the same types of compromised systems used to host the fake sites.
Security experts have warned of a dramatic increase in phishing activity for months, but the Honeynet study offers a new level of technical detail into the workings of such scams, as well as fresh evidence of the growing scale of the problem.
The project drew its analysis from honey pots, or systems set up to present attractive targets for attackers—for instance with older operating systems that contain well-known vulnerabilities. A honey net is a large network of such systems. The study is based on analysis of multiple attacks against honey pots deployed by the German and U.K. Honeynet Projects.
Researchers said they were surprised at the ease with which hundreds of users were lured to the fake sites set up using the honey nets. A site set up on the U.K. honey net, mimicking a bank, received 265 visits in four days. The German system was used to redirect traffic to a fake site in China, and researchers observed the redirection of 721 unique IP addresses within a period of about 36 hours.
"We were surprised by how many users were apparently being tricked into accessing such content through phishing e-mails," the study said.
 Click here to read about reports that phishing attacks may be declining.
The way the scams were set up hinted at groups of well-organized, technically advanced scammers, researchers said. In some cases users began trying to access a site before it had been completely set up, suggesting the spam e-mails promoting the bogus site were being sent from an entirely different server. "Well-constructed and officially branded pre-built fake Web sites are routinely being deployed onto compromised servers—often targeting multiple organizations via separate micro sites, with separate Web server document roots, along with the necessary tools to propagate spam e-mails to potential phishing victims," the study said.
Researchers found evidence that the scammers were making use of botnets, or large networks of remotely controlled systems, for sending spam, hosting sites or redirecting traffic. During a five-month period late in 2004, the German Honeynet Project observed 100 separate botnets. Scammers also appeared to be using intermediaries to transfer funds internationally, in order to escape detection by financial authorities.
While security professionals are well aware of the scale of phishing scams, the ordinary people targeted by the scammers often havent even heard the term before, according to Carole Theriault, a security consultant with Sophos plc. "Phishing is essentially a con trick, its an age-old technique using new technology," she said. "They look good, and when people see these they cant imagine that its some guy trying to get in their pocket and get their cash."
Technical solutions can only go so far toward preventing the problem, she said. "By definition there is no malware in it. It goes after the bug in peoples brains that makes them want to believe the experts," she said. "Being vigilant is paramount in stopping this."
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}mW� K�>�B;@$L(�� =��Jb�gi-$JR%\8д�,JSg{>y"I7o���a0TE[��oHzN�Z�@]}8�u�Az��|m@^c?0,Ad-FF5��%�j'A]k5c{F=/S}L}�F���.pѲ�eb
ھ�I�_=E9�J��GDq�kv)p#(Ds�XF��G�H0 �g*>Nuol셨��9PRXVP~�FD�ǎ5~�[{+C�r�_Ca50vʡ黖>?"�1�CVl�fesVC�6�i!rs�!�gKݻ�H<匝o8Gd jlI�*v`iTi11<��k�w^]ñ���\./RFՌiAstԭ}S��ƺcGk�ԏ �1,{`�:�rH�n6�,uQj)g�?L�I܅F؎M�YnU~=
:Ѝ�y$�&j&�p,U)M P'��>4aģz�r$0tf0�i�l�ȆuWRP*JX9(�*�5(Px0[={4q*s܂L�Ͽv/irxٽj_H� �K�5-%;ZQ;lt�|l]\�[�r m
+to$&�џ@DR�bm$"���PcbCC$@BK.ZQWB-�EMjZQAr$0L"�@K�1zĢ!�qu;_L-^m^:CF,��KAT4
行Ġ�@tV?#{Ӡjq{vzrq۾:vY熜>OZ]$O#t:!(PtfAZڪﯭy�\߃
�_<�$=N-rO=��,��j��iT�%5�IuL�(u}Br,�OdwJ~9]^��Czn&J�ݒUL_,8Xȏ�KQ
�%�`cU�|`搒m�ɔc�P5��49�];J~}E#C^7iB!
�)BÔ�:�̼N�R�$9�PX��D`4�R\� 9b�*6�K .ƃ]M9��d|!C�C�-ɿE7+dԌOө$ɛ!"G�9Cx0.�|!XsI��((�{�?�N�IR]E6\la>Usٹ>ljYYV'*daeIUiQO��\z�c�gfMt;W�>]�Lq#}f��w�͂i�u4SO�~ҡ9�m'#<2h:m�5ƹ�$�
47P}HG:QI�$3p|g�<�-z13�a
�>��R�>�n=��J$�>Q7�ZЉ�χ�A%ǶCMߟ�L�=�u#08�w�ɽ 5��P�ͻ�iy1�&}��բ�!Tfgg,z�e= |
v�,�ߣ9�#*릥�L�T<�ģÙA }t
]|+s\(�7^ S�2(%EE�s���4.'P(BHP!�9k���� ���99�
�ŌP~ޑ�zZ:Hj�'9Tt{B#�;}Tz,��τ>*%�qRPٜ�*,%5M��X�*ȉ#�"0�9X����
4�j
h�k%Ƽ
RӴr�j4iMhFa�f=@�.ϼ3�&,`b��T��%LE;Nt
3�AP~9���?w
Xz0aFiŬ9c�兏y�5��du)fNM���Ә
\
�g?6`Z&4D
7q�9kI�^\'1MM��f�aM�v"�Wv�6`�zT�4'://'ܑ-Ӿ�RoBo*څP��!_.dA�\^*VAB1
:d:�l'9oU 2g4ݤlr%e�Ry`OEҏa5=�%Ӈ>^`��3{q%%Ag
�-SMs�\/g�[[%3˺Obum"$l�J}oiX�Z @-�e�i
,-ً�X4�ujQWt0T:��T
emځbX�G�(J�G.1~�/aҵ(&n�w߱}�|sŶ��fOU�gӟ@�-jISJԊ���kεt)D���ΰ@F]SԨ�⺪T�E_[ig�7{}h��#R�2A="���8�
vt:��ZJB�5�?�*YCܐ",�y�9~햯's�ޒO,g6,3wz&J��ĴR,[5V-0��3+VH]~4Nd_CtM���g\մR�4!#1�s*�=x6�u8X]@aMɧzX±F�p��a�qgX7f| m{H�%Xhb9B�J9��ޥ�P͜)�P7@yz ���je�� -�ə^ 9yvj�ÄqiS))r�T*H+Etl�qM×[?nH�o3_郦vt�)3M�(C�jn>,0t&]☆�`B'�Ke7UYcO�R|�(\{C>�m�
^L>s�x�IT6��bE-) Co_���5r�hOk
G+�++i-^2�y~
n��[��4w�ҨK�3[Y>)Ӕ�Wϰ�:3d�Rb��
kȣ^h-iBsEj
`��3S?f�4$N^�VpDMb?� )03?2TCٸUzJ0iUI+VZ}��ԡ}2f{cV�$}7v�\F�I'sSfu
t�o0|7�n>��zIΝ
�t׀m+J9WnG;a6&ri�G\�P�rP>}bxH�E~w9Yo9�|\V*
�d:C�d�`| !A-a#d1~��!L̾~xfmڝ# [#^���WK�KKx�ihïR�)�Z~~pu*/[lb8�}�L�@I
�4�pHq�3'^l�yzھz/2᷋Y/`�#BaN�p.7W%E�ūUKJ:\[�j�DH͋#�䄬�W!zN.Z͛FS�Luk3d8)2/g~H��6�}�ik:�R_KuÉ���|9�kI*D|d[5gH0�
�ͣ ۵}gE�nU���ka��~��
I��*U:qg��AQj��@�R`OH�[%#NHvZfp4{"��B4�X
1t��"�(BR.IHO�§,uҹir3�lo�}EF_�K r�!~_!c/Mp<"��m{pУ3[JqkGҹ'$CybS`݅
{.Z�s3�FҴ�v8���?$E��:�[7@Gdb�Ԏ(%T�\
/"�O�6l->{0��cd9�Ga�(�$|z&I[ɰ
ݒ:h,5�r)!M��p�)|Lhk'IZV�6X(��4%!4T^ҌObCYF*]7'�ҽn^mp�P�poS6�R}~뺱�yx492i�(5�^y�N�H�>ޢ)-&'HuT䵤�
g[YgUHN~D��C�6��OY`0�9/�S"6GI6
Di:n�;��G�@(NVu2k=�(�
,&��]7_>_mEoYU2�хɘ�Kԍ A�/g�h9[�R>sr0&xf"6TNl�wy/ +(Up")5Xf�x>A��v�X��yx��:Sݴ�r!W�i^Z7yw�b�`~%e$H'RС{#|$~!ݫ]�U�Յ_�>���TdX��GN��V:e5bKf0�ߊ'{)S^[v§}E��stRTsd;I2ӱ$B�TU+h
ۻ�ȾEVeΜtՕNt;>�2i�ɸ�7YM��(fh~Z:pKҠc�m}d�<ݸޮ3mC\~l߫A�'�zX<}]bwSȤ{/o6,2d]��ʉ�J �\yN�
iRȊOL�!�gkbr7m�7^T\i]?�]o��u
+i�%�}gx>&Aٛ$`}A0�8�h==sZ1s否11aaNE~$G�a�hr+��- zfZ�zDl87^�A5'ԙ,R֊hz1Ď]��1z_Ce��S|N�MP< |!"r,y_F~?2�L�6ke�<�|m'a`^氞[ң�4c㾮Fw6�����L/GoeH_�H�S�áz��a��):igQ!u/�1<0axHiȂ��(d`�,��YUhOTqQq���hk�Jc5LD'#1נtp�Oo-3
��SVL;]Ƣ6�wj;nY]ȃJ=yP@�ᔒ)"zs+Z$e%n!^ۂHT�DU��<�S@LW Ĵ&�CBr{b�w�,j�C.'C6yȦȚ���-|6G!��ON1&x��F}Y�M kʨ�ChE^+%�W;8�W��
G�p3BTG #�2Y��BH:
$w(zZMn$lR@v�*8]"����(K#hH9G{i*8M���M�I`SӒP/�+�oe��{�Aeb�+�*C�d�
�D�{Ax�A�>ot4%*$6Ƴ-m_so�GV$*)Ž�J^Ҏ���,�t��ra,@J=!Mx@Gt�$��apH��8%u֖(�{]�[eߖ4 Miz4q̤=F/
|fVHHt��(FX��-,��{٫FVVC_`ʦC=[ǻ�M%aP�) X@ß�@8��'6�!K`lHڬ=c~Q7%�
q�*0ax/!7H#ǓR�Se�N� I� �fo�A2��e�bh<3jNdS]fܶҍcI�`$v,ʓK}�Nn($,V|)jzF/�HcFJz�W^K`�UK]}{t a'`C�6���YbT1N/UV�2�.p� b*�� `��2U0�"幈h�Z)�Q�&)h��wzP
F�-K�>I~!|�A&��>Iz�apAԾ���jC:}W6ҋ}C-�ċY
_:�eױ܇ń1�C9"�
P�VE_Ou��H�a7,!T^}w�DEj_wk�g&i?p&¢��E /JxQǢ�!aO7ac\,o&Y&&&&dJud#/t͞nI��,ֵ@mܑ�e�!:�ei~XOղ�Oc}ڟm�ԛPX� "~�n��NC(s_�n۰Od/oy4L�up^l[aL /U�=�
cVrx��/p���Yݍ�n6^cÌ_|*hXr<Ӂ��Xa�~|UD%�+AXp@ðsk{Xg۳RG-�iԶG��RtK�͘vҩsϳ.^' �� /Lq�S�oTުmK e!�:D^Z�V�e)x}n0Ȣ4�ҙnYxz��Imw,CcIؤ�>��'�8��$�uWZ4K���[0
c�t<Ð0z40`A>7zJk݇v$*�KJiiG>�Q0Gxj:t�8\cgrv߃qpXVrc](��⩨r~��&-��%8>IuYâP؆98#�%�9p0���LX�D?ۉn2",p럈Z8�^��䀲�e,CbJb�{PR�
#l�%1��(x�#ػ`+rj9����7r59"G�¿� �R$R�+pW��})��AE&p<ƽG�7
Kf�lǛRPa}N"F(xѴûB*]�sN
o�*ʡs\�� { ]J1x}��[/@N��HuWknR)ݛ��?/R\mD��q/0AusΩ0s�ꅕ%'�3,��66mIU+ 7�g%ۅ]`aiL"&N&0�99m6}�Lo0c��ߥ43?b)7b~m�z^&9|�l�Ś>
1<2d1qWO_ň�\>dD+9m�FA��OcLzxc
��}(/@�@L%F�H �diir'
o&g���xB���R,?jU%WKl~C�hM,ہ|U�ni|%w[%^_۶�W��17ۤKB`(xS��`+V#=����̊X@t4*&�7v��{=~zLfRO��a���L�v>_��_!ݰ�,VI my7�R[�$ytZĮEH����%��q��=4�u۽hz.ZxX�23dP^܋�oVu�ڎitp�9a.2
�d��N
�ρO��d��8ޝY�»�aK9.w�P�lɧ>>c�S(�;9Ĕ#MA?�SݝQo|sU��v�}A~���̀
lnZvD��$F(��<"m�G7.nrj&[v��
�5"t��c#
�IQ!C�wcL,P�0mÚ�1a;m�~t�b|촯��#@��
�l!�1�g昑G)Ɣ���u?X+D:Eb)��(a�E�$�7�@/��4'4(l��B6#v�SJTn$|�s�/Y�,a48��3���z�q"O�g8ԭ� t@x\��dj��H�,�ǥn�td͡Q(b8&��|g3�s!aR;<"qP=xzL��]ƒ�$�BѽӜ6$A0=c?݉i2���}�}И1�_[��~ Uꪂ_J�weX
&Zıyn�o]�̲W2�qRą&JZ �{�AzNrdhz߇B=
LC'�*O=FLn�y}}unHݴZ{rӾ;WuѹœOX�_ۣn՜駓U}j�|Ky2_�
Β^�9j^28SѢKs!Yx�9K��xU�"
/WEL�qx*0Xnϟ^w�D0/ڲ�& F8!Ll�?dz�7nWVk!h>=#tɉ3̐:o}jagn�Zj�-�!XU8j,7WaxT�Pt�O�vItZFRR"o�"#gH9#WH5#�o֧4R��Hd#֧��N[�'~>�s��?O?o�\}�kg�3th;?ws� ���fe\B/3 /�~/3{ %2@�y yAȣW���3!<#�KHH�+����ȟN|dȗk��o~n2�f�f�ˠ/�@_�2#J}G�BmV:m�B��f_ry�қ�|ּƅ)��RqA/2ȋ�৬tXB]e�Bz<++A/nt2��ܴ{�Һj^[=A]eiPͩ)�N(᰾a(x�FZ���gѥ8 an%7�=ӯ��.{2�v⻝A�ԇ}2сNrl �4@o\)Uʹw;
"�o[��'�;CjJ]N�-a�0�X����^;�QHJvo�*%K0>
�z!�R1��TcԭdM_+�BDK"�ѱw@ú�Cba"Jj�"�aQKp^'Wv��!�Ď`
�}3w�Pcgq�r=s�
XJ�'?{I�2ؐ &ή�w�fu��X;Ss�ӄ[Ìc,!9���hգ{9Dq |<,i`�̀NuW�oRw�0� J/.ӮGx�#K�^,Vkn5��kV{iq-�#2O,�5U,%O,B.P&GߗX`w�ȼ!k>CkNX7�н(r8�]]^��H~Z�]}o��Anl8ӕc�X]lQg
oqŗת@@rĶ��~j^aN0x��z!_�|$�pIi�).ZLq?i"r]6
�b�ه%//��Ӟ=&;. ��lt> /!"q0qH*_{l�xdHاP_CD_�vJ;P�|+ a;94vUL9
H|\��k,#!1苄I�US�{k�͙*q8w i!sl�F}v�_1!2:'0GJ �?�,�i_3Q�FӾ&]ǚŗfn�N\5a`a�Y��~l+PT�E'0@�=Cb�Sţ�4H�:BVESXN�A��}J^+^� )4�Mϫ�ѝE![I%#9r\鱽�$0\"e�z\;Tlv[��R�,��?�a+/"^�=�3�B+(/��8>eC�gA2D~kJ=&*P�=gZ�O��v,4%^z+Ik=G}c[Ve�ɄK�!lF!
�&� M*�KxbHqpC>a��v�EE~!KG
ϻy��Hj(4��I
cS
& 1?��j;;3mݔ_lܥ92L1p(qm�Fh�ӧ�75Z@�5E`x�ذ2��=��n=ձ]w�
� 7G=Ƌ�0�WnnM�n-:�S�G��U`7'#�~"��V���œC6�`0C3 �V݀=ʷQ$�T{s�>ZQ[tERb05�yNvCF}�_�2"�L�)L� �Ԣ?NSg�)+]�,1AƂ?�vL7�9~gS͗@Er�˫Py'mEK
]f'[٦2�й=-{�ה/���i[m�v*|�Xc �0,*059'1-E6;a>=X:}#3!?L�j#mf^kti�(san��v�[z0� _jPpP�9+ ha�0�+�>+g5�hs3q7M�&�C0ЕDM3z(ͦ,1.F� � A(�ix�z�T<1�@T�����nh1 �d'kI���'�'�R"la$�8�R3 kEh z.�3��pK��<9rg.Y^8XpT�/>% oַ2b9�����Ȋ�]D٥AqL+}viS#1Gd7~{P��N)< �?�`]2�/{?5Q��jA7ZR�^7��;o�IJP.�I5�k=6�S�@>$p �e,5ЇLp�gť�vz=O{ħĵ2z(`v>KlTEQk;,9��xPoR���#P�܉+U��֠;sNLכo0�/RW�Ϡ�ط�c�3Y|jZj~�p5mqUb'X�nKs"ݓ��X@0>��-ʚVK +M5eÓUݠ�Dv3�Sێ�7;uAO�-
��g2�U�k��qAmw�x�ƙyIG/h>f`P�]�Tv�К-v2�o
߁@t�z`l
G yЈ�q`,�8'L@�dV*)hF"~OH 5r胿$_>��n:�mEM9e2B0#V�a7oϦ� /A,_9nqm�/��'ڷ#l4!�6bKy(|�J�$S��
oSDs�iH',~�,,}С0�6/�Bg7iR7j:�<৵O$�"P3-ְKKձ~�`Wg0��Yj�@C�H
��0�ɳ[�Gyqy�yO�c̻�W{KX(#P{#-ܘ6t�HqAI^-1
u�脐CEd:1am�X�:��O1:Ww]cs��J\�aU͑hǂ\��~�
k1;E��q�NlnӉ4 G�&)B88XCx|8�>z��Y�Y"(hTp��pZN��B�Y'w��q@Z5a&ЖݨD`ؓKH* ߉ۖ&�JE�;{HVͣ�i��P+�zFO[�rڐD@�u.>%��T#^�x3wtF#Xޑw>����bF�[�. yiV5ӦM[lmiu %lvL5��)���"�eZ[+|aW�i.Qx�7�s�R)RS�`0[�IT{�P-I �r,^|+�(7=�./8$S0��ͮNO�Q>A)w\r×xtP;7Zcs7�"qirl9�z/�-�lT3�Ls'$M,|y�$'�$ЊW)ؔI81���x;wW%uUYOwQ��]5ޚFa9�cGmm'��X#Kef}vޑ��z}��Tn�J8,�H5�7\P8~�;6E&507:�K'
MQݱt`vDP��U.nxAC1 0d�dv{.Z+LCf/냳UO:k^/>� \}�M M�\tnR0Uq7�WRB�Sܢ�y:74��!q w<=m_Of[A̼Y�D�P3EF#x�<@;�*TVID�!}
%�cQ�Q1�݇XK�j����[ �0t͗mX4�*,�_jFt�b?xmh2>�qcne߄p5lSy�Z�qaY"g�;�e��?��
|
Network Security & Hardware 
