Apr 29th

Computer Security Hole: Malware Modifying Hosts Files

Author: Indre | Files under Fix slow PC

This article is a continuation of the previous article on hosts file modification. Coming back to this topic, one of the many computer dangers that scare most users today is the modification of hosts files for phishing scams. This technique is often applied by bad guys for malicious purposes: by modifying hosts files they create a way to steal sensitive data and in this way obtain financial benefit.

The first case that caught my attention with regard to phishing scams is connected to a new trojan variant. According to Websense Security Labs research, a new trojan variant was found that performs a phishing attack against users. It modifies the hosts file on the infected machine and maps the real address of a bank to the IP address of a phishing site. As a result, users are redirected to the phishing site when they try to access their bank account.

[Image: lloyds2.jpg]

Table 1. Phishing site screenshot

[Image: lloyds_real.jpg]

Table 2. Screenshot of the real website

Table 1 above illustrates this case: the browser displays the correct web address but loads a phishing site. The targeted users are redirected to the real website of the bank after they have entered their logon information into the fake website.

Another phishing case relates to Bancos, an internet banking trojan and info stealer. It waits and watches for the user to visit banking websites, then tries to spoof the pages of those websites. Once executed on the user's system, Bancos attempts to connect to its command and control server. It then downloads a .txt file containing entries for the hostnames of various financial and government domains. The downloaded copy replaces the default Windows hosts file, so users attempting to log on to one of the legitimate domains are redirected to a malicious server hosting phishing copies of these websites.
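Both cases above leave the same trace: hosts file entries that pin a financial or government hostname to a remote address. The following audit script is an added example, not code from the article or from the Websense research; the watchlist domains and the sample hosts file are constructed, with addresses taken from documentation ranges.

```python
import ipaddress

BASELINE_NAMES = {"localhost"}               # names a default hosts file may define
WATCHED = ("bank.example", "tax.example")    # constructed watchlist (assumption)

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:                  # one line may map several names
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, severity, hostname, ip) tuples."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if name in BASELINE_NAMES and ip.is_loopback:
            continue                             # expected default entry
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        redirected = not (ip.is_loopback or ip.is_unspecified)
        if is_watched and redirected:
            sev = "high"      # sensitive hostname pinned to a remote address
        elif is_watched or redirected:
            sev = "review"    # unexpected override, needs a human look
        else:
            sev = "info"      # sinkhole-style entry (0.0.0.0 / loopback)
        findings.append((no, sev, name, str(ip)))
    return findings

SAMPLE = """\
# Constructed sample hosts file (addresses from documentation ranges)
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example  bank.example   # redirect
198.51.100.7    Login.Tax.Example
0.0.0.0         ads.tracker.example
192.0.2.10      intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; the watchlist should hold the domains your users actually log on to.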

The aim of phishing is to get sensitive information, such as usernames, passwords and credit card details, by tricking users. This illegal process is performed through e-mail or instant messaging and relies on tricking users into entering private details on false websites that look the same as the legitimate ones.
