Wednesday, 19 May 2010

Intelligent Phishing

Not much days ago, Twitter warned users of a phishing attempt. After clicking the infected link, they landed on a login page that was indistinguishable in terms of design from the original twitter login. After you gave your credentials, it redirected you to twitter home page(as you were never logged out). It was though a simple idea, many fell for it. Thus, hacked(err.. Technically 'Cracked' ).

Anyway, it's the most real trick. The villain can get your password, without a try, and you are giving it to him. No offense, but it a truth universally acknowledged that few of :) people on Social Networking sites are nincompoops. Hence, easy targets.

They fall for tricks like phishing. As it is, not quite difficult, find a free host and make the page look like login page of say twitter. Now what you have to do is, to get somebody visit the link. In the optimistic world, it'll be quite good if you even got login credentials of 1% of users visited.
[Image: Toastyken]

Well.. that was easy. There is quite high chance you already know about this. wait, there is something more.

Tabnabbing aka tabnapping!?
First of all, tabnapping?? the name is crazy. still getting used over the web now.This is the latest and the most intelligent one. You visit the page of bad guy, it's normal and informative now. With many more tabs open, the site of bad guy loses focus. Thanks to Javascript he detects it and changes his page's favicon and content to that of You return to the tab, thinking you need to login, thus enter your credentials. All done. Again, this is Aza Raskin!

But, wait a second, are we so stupid to not remember we have gmail login open? maybe not this time, you can't be attentive every time! Hugely inspired by traditional phishing, they'll redirect you to the original page once you've entered the information(no matter right or wrong!). Obviously, you were never logged out. There is a creepy presentation Aza Raskin has on his page. Goto the link, after the page has loaded. get busy with another tab, after at least 5 seconds come back. Whoa! it has Gmail icon and whole page looks like that. Aza says, he was too lazy so he rather just showed the screenshot of gmail login. You get the idea it is possible.

Preventing Phishing
Not getting into what needs to be done with browsers, although the very complexities. It is a normal phishing attempt, just keep your eye on the URL. When logging into great things.
Any mis-spells, additional suspicious domain are the signs of phishing. and particularly avoid using full-screen mode of browsers while you login to any service.
One of the more secure thing is to make firefox remember your password, so whenever there is a login prompt firefox will fill it for you. In case it didn't, you'ld get some instinct or suspicion that the site's not right.

Desktop Phishing
Now this defines awesome. The bad  guy can get your username password even if you are on the right page. That is you login from the right page like still you are falling for the trick!
How? See the video.

Note:Ok you googled it now? You will not find much about it. I am not big enough to interpret what is going on behind the scenes. But surely it has to do with security, normal bugs to be public is not a huge thing. Since, the potential of so called 'Desktop Phishing'. It is scary and without a cure today, that might be a reason why it is not something you have heard of.

So what he did is, he modified a system file that operates the TCP/IP protocol. How he modified it is even more simpler, compressed the file to be modified in sfx extention(it will extract itself). Obviously you won't start it anyway, so it is along with a legit software like teamviewer. Now every time the victim visited, he is actually visiting the fake paypal page from the bad guy. The login button does nothing but saves your credentials in some file. Every noob in the cyber cafe at the corner of the road can do this.
Even more than that, imagine it's use on public computers. The computer owner may himself modify the file. Every one opening for instance will first fall on his clone, after giving the credentials he can be redirected to the original facebook login which can lessen the suspicion of the user to a great extent.

How to prevent from this thing?!!
The only solution is to, use only official and trusted websites for downloading any piece of executable code or file. The way it is extracted and the type of file it is, no Anti-virus will warn you. Actually, no will know.
To the threat to public computers, i'm still unable to find a cure there. Comment if you do not agree! Surely, Desktop Phishing is the best way to 'phish'.
You don't need to be paranoid here. There is someone claiming that they'll alert you whenever the HOSTS file is edited, try inquiring about it. I'm not sure of its credibility.

How Secure is your Browser?
In most cases, we think Firefox is a reliable browser(It is, even Chrome Safari and IE are pretty much. No browser treats your privacy like facebook does.). It'll warn us, on many sites it does. But.. the speed and ease you can register a new domain(especially free ones) it is impossible for a browser to stay up to date with the amazingly new ways hackers find to bypass security. In real world, it never matters that Firefox saved you 100 times from phishing, still for the only time you are 'cracked' the loss is no less.
Here Gercek Karakus tells you how open you are when on web. Similar example StartPanic!
If they still seem a low threat, imagine a phisher who first knows which service do you use on the computer, and then present you the login page of same service. You'll not be able protect yourself every-time. or someone who first knows which bank you use then present you their login screen saying "Your login has expired!" which is normally what they show.

I'm sorry if you've freaked out. But that is windows. :P
Download Virtualbox, and install Ubutnu on it. For more information, here is Tutorial. Once you get used to things in Ubutnu, you can prepare for dual boot. Linux are the safest systems out there and FREE too! FYI I don't belong among those Free and Open source software(FOSS) junkies, rather i think the energy they waste hating windows could have been better utilized if they wrote few good pieces of code for *nix. In a nutshell, windows is your native OS, keep it. But don't be blind to the world outside.

Internet is awesome technology but not at the cost of intrusion of user's privacy. Stay safe.


  1. Wow,I knew that there were viruses where you click on something that gets you to download malware, but I had no idea how indepth all this is - phishing? OMG, I am totally paranoid now.

  2. Exactly, that is even why i wrote this.
    Like the file he modifies, your anti-virus won't alarm you as it is NOT a virus. or spyware.


Related Posts with Thumbnails