This article continues the previous article on hosts file modification. Returning to that topic, one of the many computer dangers that scare most users today is modification of the hosts file for phishing scams. This technique is often applied by bad guys for malicious purposes: by modifying the hosts file they create a way to steal sensitive data and so obtain financial benefit.
The first case that caught my attention with regard to phishing scams involves a new trojan variant. According to Websense Security Labs research, a new trojan variant was found that performs a phishing attack against users. It modifies the hosts file on the infected machine so that the real address of a bank maps to the IP address of a phishing site. As a result, users are redirected to the phishing site when they try to access their bank account.
Table 1. Phishing site screenshot
Table 2. Screenshot of the real website
Table 1 above illustrates this case: the browser displays the correct web address while loading a phishing site. After the targeted users have entered their logon information into the fake website, they are redirected to the real website of the bank.
Another phishing scam case involves Bancos, an internet banking Trojan and info stealer. It waits and watches for the user to visit banking websites, then tries to spoof the pages of those banking websites. Once executed on the user's system, Bancos attempts to connect to its 'Command and Control Server'. It then downloads a .txt file containing entries for hostnames of various financial and government domains. The downloaded copy replaces the default Windows hosts file, so users attempting to log on to one of the legitimate domains are redirected to a malicious server hosting phishing copies of these websites.
The aim of phishing is to obtain sensitive information, such as usernames, passwords and credit card details, by tricking users. This illegal activity is carried out through e-mail or instant messaging and relies on tricking users into entering private details on false websites that look the same as the legitimate ones.