Banking Malware, Under the Hood
rye writes "What is your computer actually DOING when you click on a link in a phishing email? Sherri Davidoff of LMG Security released these charts of an infected computer's behavior after clicking on a link in a Blackhole Exploit Kit phishing email. You can see the malware 'phone home' to the attacker every 20 minutes on the dot, and download updates to evade antivirus. She then went on to capture screenshots and videos of the hacker executing a man-in-the-browser attack against Bank of America's web site. Quoting: 'My favorite part is when the attacker tried to steal my debit card number, expiration date, security code, Social Security Number, date of birth, driver's license number, and mother's maiden name, all at the same time. Nice try, dude!!'"
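The "every 20 minutes on the dot" behaviour in the story is the kind of thing a proxy or firewall log gives away if you look for it. The following is an added example, not code from LMG Security or from the submitter: it groups connections by (source, destination), measures the gaps between successive connections, and flags pairs whose gaps are too regular to be a human browsing. The log lines, IP addresses and URL paths are constructed for the example; the 1200-second cadence mirrors the 20-minute beacon described above.

```python
"""Detect periodic beaconing in proxy/firewall logs.

Added example, not from the LMG Security write-up or the original post.
Groups connections by (src, dst), computes the intervals between successive
connections, and reports pairs whose intervals are nearly constant.
All log lines below are constructed, not captured traffic.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log: "timestamp src dst path".
# 10.0.0.5 -> 198.51.100.7 is a timer beacon every 1200 s (20 minutes);
# 10.0.0.5 -> 93.184.216.34 is irregular browsing noise.
SAMPLE_LOG = """\
2012-04-02T09:00:00 10.0.0.5 198.51.100.7 /gate.php
2012-04-02T09:03:11 10.0.0.5 93.184.216.34 /index.html
2012-04-02T09:04:30 10.0.0.5 93.184.216.34 /news.html
2012-04-02T09:20:00 10.0.0.5 198.51.100.7 /gate.php
2012-04-02T09:27:45 10.0.0.5 93.184.216.34 /sports.html
2012-04-02T09:40:00 10.0.0.5 198.51.100.7 /gate.php
2012-04-02T10:00:00 10.0.0.5 198.51.100.7 /gate.php
2012-04-02T10:19:59 10.0.0.5 93.184.216.34 /index.html
2012-04-02T10:20:00 10.0.0.5 198.51.100.7 /gate.php
2012-04-02T10:40:00 10.0.0.5 198.51.100.7 /gate.php
"""


def parse_log(text):
    """Yield (datetime, src, dst) for each well-formed line; skip blanks/junk."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]


def find_beacons(text, min_hits=4, max_jitter=0.05):
    """Return {(src, dst): (period_seconds, jitter)} for regular talkers.

    jitter is the coefficient of variation (stdev / mean) of the gaps between
    successive connections: a pure timer gives ~0, human browsing gives far
    more than 0.05. min_hits demands enough samples that two similar gaps by
    chance do not trigger an alert.
    """
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        times[(src, dst)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # duplicate timestamps only; nothing to measure
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons[key] = (round(mean), round(jitter, 4))
    return beacons


if __name__ == "__main__":
    for (src, dst), (period, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every {period}s (jitter {jitter})")
```

The noise destination also has four hits but its gaps (79 s, 1395 s, 3134 s) have a jitter far above the threshold, so only the 1200-second timer is reported. Two caveats: malware families that add random sleep to their check-in will push the jitter up, so in practice this is paired with destination rarity (how many hosts on the network talk to that address at all), and the threshold should be tuned on your own traffic rather than taken from this example.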
Well, you were dumb enough (Score:1, Insightful)
to click on the attachment in the first place, you've already set the bar for your intelligence (or at least common sense) pretty low; why not try?
Re:Well, you were dumb enough (Score:5, Insightful)
But the other phishing schemes are subtle. I think reasonably intelligent folks who skim emails (instead of read them), especially on a tiny smart-phone/blackberry screen, are just liable to click to someplace nasty. After all, ain't no one 100% right 100% of the time.
Re:Nice try? (Score:4, Insightful)
Easy enough to push your username to the real site, scrape the "security image", and then present the legit image to the user.
Once they've faked a legitimate SSL session, you're owned.
This is scary. It should not be possible.
Re:Nice try? (Score:5, Insightful)
So.... I have to give out my personal data to a site that I don't know is legitimate because they won't show me the security image because they don't know that I'm legitimate?? Who's going to blink first?
Re:Well, you were dumb enough (Score:4, Insightful)
There's a very basic question that needs to be asked by people: why am I getting this email? If you can't figure it out, a siren should go off in your mind as to what this could be.
I do feel bad for anybody that's been caught by this, technical ineptitude is not a valid reason to get your money stolen, especially considering the average age of the victims (it's up there).
Re:Nice try? (Score:2, Insightful)
Did you bother to read the article and check the examples?
I will take a hard look at the URL, and probably decide to close the tab and start a fresh session.
The example image shows a browser with "https://www.bankofamerica.com/..." in the address bar. Feel free to close the browser and start a new session compromised by the malware exactly the same as before. Feel safer now? The thing that made this particular attempt "obvious" to a non-stupid person was only the extreme level of over-reach in greedily asking for all that identifying info at once; scale back a little to replicate normal bank log-on credentials, and what's left for you to tell the difference? I often get a re-verification page for "changing" a browser from several bank-type sites after routine upgrades; it's not an alarmingly rare event. If your own computer is seriously compromised, then there's very little you can do to assure proper secure communications through it.
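The point of the comment above is that a man-in-the-browser inject edits the page after TLS has been stripped, so the address bar, the padlock and even a fresh session tell you nothing. The following is an added example, not code from the article or from the commenter: inject_fields() models the attacker's rewrite of a login form (the "over-reach" field list is constructed, as is the form HTML, which is not taken from any bank), and injected_fields() is the defender-side check, a diff of the input names the server sent against the input names the browser ended up rendering. It also handles the subtler case the comment worries about, a single extra field that a user would never notice.

```python
"""Man-in-the-browser web inject, and a form-field diff that catches it.

Added example, not from the article or the comment above. The HTML snippets
and field names are constructed; nothing here is captured from a real site.
"""
from html.parser import HTMLParser

# Constructed: the login form as the server sent it (what a proxy capture or
# a server-side template would show).
SERVER_FORM = """<form id="login" action="/login" method="post">
<input name="onlineid" type="text">
<input name="passcode" type="password">
<input type="submit" value="Sign In">
</form>"""

# Constructed list standing in for the "everything at once" inject the story
# describes; the names are assumptions for the example.
OVERREACH = ["cardnumber", "expiry", "cvv", "ssn", "dob", "dlnumber", "mmn"]


def inject_fields(html, names):
    """Model of the malware: add extra <input>s just before the submit button.

    A real inject would also add labels and styling so the fields look like
    part of the bank's page; only the input elements matter for the check.
    """
    extra = "".join(f'<input name="{n}" type="text">\n' for n in names)
    marker = '<input type="submit"'
    idx = html.find(marker)
    if idx == -1:
        return html + extra
    return html[:idx] + extra + html[idx:]


class _InputCollector(HTMLParser):
    """Collect the name attribute of every <input> in document order."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            name = dict(attrs).get("name")
            if name:
                self.names.append(name)


def input_names(html):
    """Return the list of named <input> elements in the given HTML."""
    parser = _InputCollector()
    parser.feed(html)
    return parser.names


def injected_fields(server_html, rendered_html):
    """Input names present in the rendered form but absent from the server's."""
    expected = set(input_names(server_html))
    return [n for n in input_names(rendered_html) if n not in expected]


if __name__ == "__main__":
    greedy = inject_fields(SERVER_FORM, OVERREACH)
    subtle = inject_fields(SERVER_FORM, ["cvv"])
    print("greedy inject adds:", injected_fields(SERVER_FORM, greedy))
    print("subtle inject adds:", injected_fields(SERVER_FORM, subtle))
```

The diff is only useful if it runs somewhere the malware cannot reach: a hooked browser can lie to page JavaScript just as easily as it rewrites the form, so the comparison belongs on the server (reject a login POST that carries field names the form never had) or in an out-of-band client, not in a script delivered through the same compromised browser.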
Re:Well, you were dumb enough (Score:2, Insightful)