Covert phishing scam lies in wait for its victim
Low risk for now, but could be a sign of worse to come...
A phishing scam has been detected which doesn't even require users to click on a link in order to jeopardise their personal data while banking online. Simply opening the email may be enough.Although MessageLabs who discovered this new technique, is saying the fairly crude scam is very low risk and not yet seen in Europe, it is a worrying development which users and banks should be aware of.
When the email is opened a script is run which rewrites the host files of targeted machines. The effect of this is the next time they attempt to access legitimate online banking, at one of the targeted banks, the new script, which has been lying in wait for such a moment, redirects the user to a fraudulent website which apes the site their were attempting to legitimately access.
Alex Shipp, senior antivirus technologist at MessageLabs, said: "This script silently modifies the users' machines and creates this vulnerability. The next time the user goes to bank online, that's when it will get them."
So far the company has only intercepted a relatively small number of these new phishing emails in South America where they are targeting three Brazilian banks, but as ever with malicious activity online any success will likely see the scams spread to new territories.
Shipp said this first iteration of such a covert phishing technique will only affect users who have Windows Scripting Host enabled and certain ActiveX controls and he believes the majority of users with up to date patches, or the most recent versions of Outlook, where such features are switched off as standard, will be protected.
But it is the general trend which is causing the most concern.
"Perhaps Brazil was targeted by this first, fairly basic email because the writers knew there were a large number of unpatched PCs there, but the worry is that this could become more advanced," said Shipp, warning that future iterations of such a scam may employ java script or similar means to create such a vulnerability on users' machines.
MessageLabs is currently detecting between 80 and 100 new phishing websites every day.