
Security IT

New Phishing Toolkit Uses Whitelisting To 'Bounce' Non-Victims

Posted by samzenpus
from the on-to-the-next dept.
chicksdaddy writes "Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims. The new toolkit, dubbed 'Bouncer,' was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia in recent weeks. It allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a '404 page not found' error message. Other phishing kits have used IP address blacklists to block anti-malware companies from viewing their malicious pages, but this is the first known use of whitelisting, RSA said. The phishing attacks that RSA technicians discovered that used the Bouncer kit were designed to harvest login credentials from financial services firms. The whitelisting feature may well work, especially given the volume of potential phishing pages that security companies review each day. Getting a 404 message may be enough to get a forensic investigator or security researcher to move on to the next phishing site, rather than investigating."
  • by sevenisloud (1688814) on Thursday January 17, 2013 @05:18AM (#42614631)

    As far as I can tell the OTP calculators are only issued for business accounts, normal "end user" accounts have minimal provisions.

    Here in the UK HSBC, Barclays and others issue OTP calculators to all their Internet banking customers.

  • by History's Coming To (1059484) on Thursday January 17, 2013 @10:29AM (#42616107) Journal
    They don't, that's the point.

    I use precisely this technique for presenting discount vouchers to people who have signed up to a restaurant mailing list, identical system but for white hat purposes:

    1 - send an email to the relevant contacts, including an embedded image at domain.com/voucher.php?id=xyz where "xyz" is a unique account ID.

    2 - when the recipient receives the email the voucher that is displayed has their name on it, the image is generated on-the-fly using the unique ID to get the name right.

    3 - (this is the important bit) - if anyone logs into domain.com/voucher.php without passing a correct ID then they simply see a voucher marked as invalid, and a link to where they can sign up. In my case it stops non-members getting a voucher; in the spammer's case it stops a non-target (including investigators) from seeing the exploit being presented to a "customer", most likely someone from a list of known phishing mugs.
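The triage problem the summary and the comment above describe is that the bare page URL returns 404 for everyone except the holder of a valid per-recipient ID. The following is an added example, not code from the story or from either commenter: given URLs reported by several recipients (constructed sample data, hypothetical domains), it finds a query parameter whose value differs in every report, flags that base URL as token-gated, and produces the exact per-recipient URLs an analyst should replay instead of trusting a 404 on the stripped URL.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the same lure URL as reported by three recipients,
# plus two unrelated URLs. Domains are hypothetical.
REPORTED_URLS = [
    "http://bank-secure-login.example/verify.php?id=a81f3c",
    "http://bank-secure-login.example/verify.php?id=77bd09",
    "http://bank-secure-login.example/verify.php?id=c0ffee",
    "http://promo.example/voucher.php?id=xyz",
    "http://static.example/logo.png",
]


def strip_query(url):
    """Return scheme://host/path with the query string removed."""
    s = urlsplit(url)
    return f"{s.scheme}://{s.netloc}{s.path}"


def per_recipient_tokens(urls, min_reports=2):
    """Group reports by base URL and look for a query parameter that is
    present in every report and never repeats a value. That pattern is a
    per-recipient token: the page is probably gated on it, so a 404 when
    fetching the bare base URL means 'bounced', not 'taken down'."""
    groups = defaultdict(list)
    for u in urls:
        groups[strip_query(u)].append(dict(parse_qsl(urlsplit(u).query)))
    findings = {}
    for base, qs in groups.items():
        if len(qs) < min_reports:  # one report cannot show per-recipient variation
            continue
        for key in set().union(*qs):
            values = [q.get(key) for q in qs]
            if None not in values and len(set(values)) == len(values):
                findings[base] = {"param": key, "tokens": values}
    return findings


def replay_urls(findings):
    """For each gated base URL, rebuild the exact URLs the recipients received;
    these, not the stripped base, are what an investigator must fetch."""
    return {base: [f"{base}?{f['param']}={t}" for t in f["tokens"]]
            for base, f in findings.items()}


if __name__ == "__main__":
    for base, urls in replay_urls(per_recipient_tokens(REPORTED_URLS)).items():
        print(base, "is token-gated; replay:", *urls, sep="\n  ")
```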
