ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА














     АРХИВ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] SMS заманивает на сайт с трояном



 http://news.zdnet.co.uk/internet/security/0,39020375,39277240,00.htm
Phone phishing attack hits US
Tom Espiner
ZDNet UK
June 23, 2006, 17:05 BST

Criminals have launched a blended attack which attempts to lure users to a 
malicious Web site via text message.

IT managers have been warned to alert their staff to the attack, which uses 
social engineering techniques to try to trick users to the phishing site, 
according to security vendor Websense.

Users are sent an SMS text message to their mobile phone, thanking them for 
subscribing to a fictitious dating service. The message states that they will 
be automatically charged a subscription fee of $2.00 per day, which will be 
added to their phone bill, until their subscription is cancelled at the online 
site.

The same message has also been spammed to the comments section of numerous 
bulletin boards.

Once victims visit the site to unsubscribe, they are prompted to download a 
Trojan horse program which is a variant of a program Websense calls "Dumador". 
Once installed, the program turns the computer into a zombie, allowing it to be 
remotely controlled by the hackers.

Once machines have been compromised, they become part of a bot network, which 
can then be used to launch distributed denial of service attacks, install 
keylogging software and store account information.

"This is definitely the first time we've seen this specific approach," said 
Ross Paul, a senior product development manager at Websense. "Basically they're 
taking a social engineering attack vector with a lot of users," Paul added.

The attack began on Thursday in the US, and according to Websense was first 
detected by Sunbelt Software, a security software vendor. The attack has so far 
been focused solely on the US, but may spread to the UK.

Websense said it had been monitoring the attacks, but couldn't divulge the 
identity of those responsible, or say whether it was collaborating with the 
authorities in this specific case.

"In general, these kinds of attack are perpetrated by organised rings of 
people. In some cases we know their nicknames, which we share with law 
enforcement. We regularly share information with the police when that makes 
sense," Paul said.

Websense could not say exactly how many users had been affected by the attack. 
Monitoring botnet activity is "very difficult to do", due to the cross-border 
nature of the networks, according to Paul.

The Dumador Trojan allows hackers to use HTTP to control the bots and trigger 
them to upload information. The most popular method of bot control is through 
Internet Relay Chat (IRC).

IT managers were advised to educate staff on the growing sophistication of 
social engineering att





 




Copyright © Lexa Software, 1996-2009.