Culture Jamming

[Phishing piers on legitimate sites]

FYI...

Phishing piers on legitimate sites
- http://www.f-secure.com/weblog/archives/00001440.html
May 21, 2008 - "Let's say that you want to phish for PayPal accounts. One might attempt to register something such as paypol-sevice .com. But that's too obvious and is likely to be discovered and abused before the phishing even begins... So instead of a clever misspelling, more obscure URLs such as paypalcom .cq.bz are required. However, even obscure URLs can be taken offline quickly as they have no legitimate functions. Sending a message to the host providers with a request that the entire bogus site be taken offline does the trick. So what next?
Instead of setting up their own sites, we're seeing more and more evidence of phishing from hacked sites; legitimate sites that are unknowingly hosting phishing. And then the site cannot simply be pulled offline without collateral damage to the legitimate business. So the website's administrator must be contacted to repair the damage. Sites such as bbcsales .com, a 15 year old business with a long-standing Web presence. Until the website's vulnerabilities are resolved, the phishers will just continue to hack-and-pier..."

(Screenshots available at the URL above.)

 

[Apple stores]

FYI...

- http://sunbeltblog.blogspot.com/2008/05/apple-store-now-phishing-target.html
May 24, 2008
"Apple stores are now a target of phishing (served off a hacked site)."

(Screenshot available at the URL above.)

 

[Hacked website? What to do:]

FYI...

- http://www.f-secure.com/weblog/archives/00001617.html
March 2, 2009 - "Tyler Moore of Harvard and Richard Clayton of Cambridge have studied the usage of search engines in the compromise of Web servers in order to host fraudulent content, e.g. phishing sites.
• 'Although the use of evil searches has been known about anecdotally, this is the first paper to show how prevalent the technique has become, and to report upon the substantial rates of recompromise that currently occur.'
Anecdotal evidence of multiple attacks? Our May 21st, 2008 post* is one such example. We've seen compromised sites becoming re-compromised for quite some time now. Moore and Clayton's paper offers some fascinating analytics on the topic. They've found that compromised machines accounted for 75.8% of all the attacks analyzed. And 20% of the sites that were compromised were successfully attacked again within six months..."
* http://www.f-secure.com/weblog/archives/00001440.html

Hacked website? What to do:
- http://www.apwg.com/reports/APWG_WTD_HackedWebsite.pdf

 

[Facebook apps used for phishing]

FYI...

Facebook apps used for phishing
- http://blog.trendmicro.com/facebook-applications-used-for-phishing/
Aug. 19, 2009 - "It would be easy to think that once someone has logged in successfully to Facebook—and not a phishing site—that the security threat is largely gone. However, that’s not quite the case, as we’ve seen before*. Earlier this week, however, Trend Micro... found at least two—if not more—malicious applications on Facebook. (These were the Posts and Stream  applications.) They were used for a phishing attack that sent users to a known phishing domain, with a page claiming that users need to enter their login credentials to use the application. The messages appear as notifications in a target user’s -legitimate- Facebook profile... While Trend Micro has informed Facebook of these findings, users should still exercise caution when entering login credentials. They should be doubly sure that these are being entered into legitimate sites, and not carefully crafted phishing sites..."
* http://blog.trendmicro.com/?s=Koobface

(Screenshots available at the URL at the top listed above.)