Next Phishing Attack Spreads its Net
Annoyed by popups? Just wail 'til you see this one.
Hacking/Denial of Service
vulnerability, in which a malicious
Web page can be created that contains a link to a legitimate site. This link
the legitimate site. Microsoft released Security
. (Advisories, you may recall, are merely warnings from Microsoft
about possible attacks; they're not patches, as Microsoft doesn't see it as
a hole in a product.) Almost all browsers are vulnerable to this attack, which
is most likely to manifest as a phishing attempt.
This type of attack can't be prevented without stopping a Web site from creating
multiple popup dialogs. When the victim clicks on the legitimate link, a new
appears as if it's the inside of the legitimate window. From the victim's perspective,
the legitimate site.
to, for example, log into his banking site. The victim could look at the URL
in the Address field of the Explorer Bar and see the legitimate address, or
inspect the Status Bar and see, for example, a closed SSL lock. From all indications,
the malicious input fields look legitimate.
This is just another example of how the World Wide Web was designed without
security in mind. Popup advertising is a bane to most Internet users, leading
to the hundreds of popup blockers. This latest attack combines popups with windows
which don't appear to be complete browser windows. Both are highly desired by
online advertisers, and the combination is, at least in this case, highly effective
at fooling even astute and security-savvy users. The only way such an attempt
could be detected would be for the user to select another window, or close one
of the popup windows.
This one is almost definitely going to be put into widespread use on phishing
column was originally published in our weekly Security Watch
newsletter. To subscribe, click here.
A number of sites, including TechWeb, SANS, VNUNET and Gartner are reporting
increased activity on TCP port 445, a port associated with Windows SMB
protocol. They're speculating that the increased activity is due to attackers
searching for ways to exploit the Microsoft Incoming SMB Packet Validation Remote
Buffer Overflow vulnerability, which was patched in Microsoft's monthly security
update for June with MS05-027.
Here's the problem with the conclusions, however: How can anyone base such
speculation solely on port activity, without analyzing the actual attack code
being presented? This port is amongst the most abused for attacking Windows
systems, and is constantly under attack from thousands of hosts that have been
compromised in the past.
Sigh ... I'm yawning.
The FDIC has notified 6,000 current and former employees that their personal
data may have been compromised in a security breach that occurred in early 2004.
In several cases, the stolen data were used to obtain loans at a credit union.
The FDIC says the case is one of "unauthorized release" of personal
information, rather than an intrusion. The FBI is investigating.
The California Department of Managed Health Care (DMHC) has fined Kaiser
Foundation Health Plan, a division of Kaiser Permanente, $200,000 for exposing
the confidential health information of about 150 people. The DMHC said the information
had been available on a publicly accessible Web site for as long as four years.
There's a move in California to modify a state Senate bill to include notification
if customers' information on paper records or tape backups are hacked.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.