That article went on to describe five things you can do as a user to protect yourself from phishing scam attacks as well as five things corporations can do to keep from being victimized by phishing attacks and to protect their customers. Number four on the list of things users can do to protect themselves describes how to ensure that the Hosts file on the computer has not been corrupted. Here is an excerpt from that tip:
Your computer has a hidden system file called the Hosts file. This file can be used to hard code domain name translations and direct you to a different site. Normally, if you try to visit paypal.com, your computer sends the request to a DNS server which lets your computer know what the IP address of that domain name is so that your request can then be forwarded to the right server. The Hosts file supersedes DNS, so by adding an entry in the Hosts file with the domain name paypal.com and a different IP address your computer can be redirected. Rather than being sent to the true paypal.com server, your request will go to the address specified in the Hosts file.
This tip is becoming even more relevant in light of recent phishing attack activity detected by MessageLabs. In a press release on November 3, MessageLabs stated that they intercepted a number of emails which, when opened, silently run a script that attempts to rewrite the host files of targeted machines. This means that the next time the user attempts to legitimately access online banking they will be automatically redirected to a fraudulent website, enabling their login details to be stolen.
Many home users are still naïve enough to respond to phishing attack emails and click on links within emails that take them to fraudulent web sites, but attacks of this nature, which rewrite the Hosts file to steer users to the fraudulent web site without requiring any user intervention, are harder to detect and avoid. The vast majority of home users don't know what a Hosts file is or where to find it. They don't routinely check it to validate that the entries are correct, and even if they tried, most don't have enough knowledge to determine whether entries in the Hosts file are valid or not. So, if infected by an attack such as this, home users will unwittingly visit the fraudulent web site and surrender their username and password information to the attackers.
