Many Internet users know what a regular phishing attack looks like, where an email comes in with a link asking you to click it and enter your credentials into a fake site meant to steal that info. What about a sneaky one that exploits user inattention to their browser tabs?
As reported on the blog Krebs on Security, a new phishing attack was invented recently in which tabs left unattended in your browser are changed by JavaScript code embedded in the website. The tab’s favicon and title are changed to look like a frequently visited site, and the tab content is replaced with a fake version of that website. The point is to trick the user into thinking they left that site open and got logged out, so that they re-enter their login information.
Consider the following scenario: Bob has six or seven tabs open, and one of the sites he has open (but not the tab currently being viewed) contains a script that waits for a few minutes or hours, and then quietly changes both the content of the page and the icon and descriptor in the tab itself so that it appears to be the login page for Gmail.
The attack doesn’t even have to change the text in the address bar, because hardly anyone looks there to double-check where they are; people rely more on the visual cues of the favicon and tab title. The attack exploits user inattention and the assumption that tabs stay unchanged. Once the user has entered their info into the fake site, it redirects to the real site. In the Gmail example they are redirected to the real Gmail, which is still logged in because it was never logged out in the first place.
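Detection logic for the pattern described above, as an added example that is not part of the original post or Aza Raskin’s proof-of-concept: it flags any title or favicon change that happens while the tab is hidden, run over a constructed event log. `attachTitleObserver` is a hypothetical add-on hookup built on standard DOM events and is skipped outside a browser.

```javascript
// Added example (not from the original post or Aza Raskin's demo): flag the
// tabnabbing pattern described above, a page that rewrites its title or
// favicon only after its tab has been hidden. Sample events are constructed.
function detectTabnabbing(events) {
  const findings = [];
  let hidden = false;
  let hiddenAt = null; // timestamp at which the tab was last hidden
  for (const ev of events) {
    if (ev.type === 'visibility') {
      hidden = ev.hidden;
      hiddenAt = hidden ? ev.t : null;
      continue;
    }
    // ev.type is 'title' or 'favicon': a cue users identify the tab by.
    // Changes made while the tab is visible are normal and not reported.
    if (hidden && ev.from !== ev.to) {
      findings.push({
        cue: ev.type, from: ev.from, to: ev.to,
        origin: ev.origin, // the address bar still shows this origin
        secondsHidden: (ev.t - hiddenAt) / 1000,
      });
    }
  }
  return findings;
}

// Constructed sample: a blog tab changes its cues five minutes after being hidden.
const sampleEvents = [
  { type: 'visibility', hidden: false, t: 0 },
  { type: 'title', from: '', to: 'Some Blog', origin: 'https://blog.example', t: 500 },
  { type: 'visibility', hidden: true, t: 10000 },
  { type: 'favicon', from: '/favicon.ico', to: '/mail.ico', origin: 'https://blog.example', t: 310000 },
  { type: 'title', from: 'Some Blog', to: 'Gmail: Email from Google', origin: 'https://blog.example', t: 310100 },
];

// Hypothetical browser hookup (returns false under Node): feeds real
// visibility and title changes to the detector via standard DOM APIs.
function attachTitleObserver(onEvent) {
  if (typeof document === 'undefined') return false;
  document.addEventListener('visibilitychange', () =>
    onEvent({ type: 'visibility', hidden: document.hidden, t: Date.now() }));
  let last = document.title;
  new MutationObserver(() => {
    if (document.title === last) return;
    onEvent({ type: 'title', from: last, to: document.title, origin: location.origin, t: Date.now() });
    last = document.title;
  }).observe(document.head, { subtree: true, childList: true, characterData: true });
  return true;
}
```

Running `detectTabnabbing(sampleEvents)` reports both cue changes made while hidden, each still tied to the blog’s origin, and ignores the title set while the tab was in view.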
A working proof-of-concept can be found at Mozilla Firefox creative lead Aza Raskin’s site.
If you go there and leave it open while viewing another tab, it will switch to a fake Gmail. The only way to avoid the attack, beyond being vigilant about your tabs, is to use the NoScript add-on for Firefox, and it has been reported not to work quite as well on other browsers. Luckily it seems this attack isn’t actually out in the wild, at least not yet.
June 2, 2010
Devious New Phishing Tactic Targets Tabs
May 30, 2009
New Malware/Virus that Deletes or Corrupts Your MP3s, Called Ending Piracy Malware
Ending Piracy Malware
Sophos has posted a blog article about a malware that tries to stop piracy by destroying all mp3 files on an infected computer.
If the computer is infected, a message box is shown before users can log on, which says “Stop piracy Musician Affairs, Do not Use MP3 again (quasi quasi-an) huahahahahaha!”, loosely translated from an Indonesian language. The message appears because the malware modifies some registry entries related to WinLogon.
The file comes with a Winamp icon so that it looks like a regular mp3 file, notes Prashant Kumar, the author of the article.
Source: www.Sophos.com
Kinda scary. Hope we don’t see much of this one. Be sure to run your Windows and antivirus software updates.
May 5, 2009
Conficker (Downadup) – New Developments
A recent development regarding the Conficker virus has been detected, where it is now directing infected machines to download new, harmful files, thus activating the botnet. Here’s how this new behavior works:
Conficker sends out email spam without the PC owner’s knowledge. In addition, Conficker uses pop-ups to warn of PC infection and offers fake antivirus software, called ‘SpywareProtect2009’, at a price of $49.95. If purchased, the credit card information is stolen and the virus downloads even more malicious software.
If you think you might be infected, you really should get us to check your machine out ASAP. Bring your machine in or give us a call to come onsite and check your network.
Also, do not enter your credit card details on any site selling any sort of “Virus Removal or Fix”.