Say "Ouch" if You're a Bank

Online Banking Industry Very Vulnerable to Cross-Site Scripting Frauds

Well-known banks have created an infestation of application bugs and vulnerabilities across the Internet, allowing fraudsters to insert their data collection forms into bona fide banking sites, creating convincing frauds that are undetectable to most customers. [via Netcraft]

It's Enough to Make You Hide Your Money Under the Bed

Phishing operations have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, which are likelier to lure online banking customers to spoof sites operated by fraudsters. [via Netcraft]

In recent weeks wildcard DNS settings have been used in a wave of phishing attacks on Barclays Bank, in which the "bait" email included URLs starting with barclays.co.uk, followed by a lengthy sequence of letters and symbols. Two examples:

http://barclays.co.uksnc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/

http://barclays.co.uk34fdcb4rvdnp9phxbahhvbs6l56a2uyx.divxmovies.at/41pvaw3/

The phishers use a wildcard DNS setting at a third-party redirection service (kickme.to) to construct the URLs. The wildcard allows the display of URLs beginning with "barclays.co.uk", followed by a portion of the URL that is encoded to obscure the actual destination domain. The redirector at kickme.to/has.it forwards to a Barclays spoof site hosted at Pochta.ru in Moscow. The spoof loads a page from the actual Barclays site, and then launches a data collection form in a pop-up window from the Russian server.
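The hostname check that separates these bait URLs from real Barclays links, as an added example (not from the original post or Netcraft). The `PROTECTED` list, the function names and the sample message are assumptions made for illustration; the two lookalike links are the ones quoted above.

```python
import re
from urllib.parse import urlsplit

# Domains the brand really owns (assumed list for this example).
PROTECTED = ("barclays.co.uk",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def classify_host(host, protected=PROTECTED):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    for brand in protected:
        # Legitimate: the brand domain itself or a true subdomain of it.
        if host == brand or host.endswith("." + brand):
            return "legitimate"
    for brand in protected:
        # Lookalike: the brand string appears in the name, but the name ends
        # in someone else's domain (for instance one with a wildcard record).
        if brand in host:
            return "lookalike"
    return "unrelated"

def scan_links(text, protected=PROTECTED):
    """Return [(url, hostname)] for each link whose hostname is a lookalike."""
    flagged = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if classify_host(host, protected) == "lookalike":
            flagged.append((url, host))
    return flagged

# Constructed message body; the third link and its path are made up.
SAMPLE = (
    "Dear customer, please confirm your details:\n"
    "http://barclays.co.uksnc9d8ynusktl2wpqxzn1anes89gi8z.dvdlinKs.at/pgcgc3p/\n"
    "http://barclays.co.uk34fdcb4rvdnp9phxbahhvbs6l56a2uyx.divxmovies.at/41pvaw3/\n"
    "Help pages: http://www.barclays.co.uk/help\n"
)

if __name__ == "__main__":
    for url, host in scan_links(SAMPLE):
        print("lookalike:", host)
```

The comparison is made on the right-hand end of the hostname because that is the part DNS delegation ties to an owner; a name that only starts with the brand string proves nothing about who controls it.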
