antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

Webmail and Online Banks Targeted By Phishing Proxies

»news.netcraft.com/archives/2013/···oxy.html from »it.slashdot.org/story/13/02/17/0···-proxies

"Netcraft's toolbar community has reported an increase in the deployment of malicious scripts which direct webmail and online banking traffic through rogue proxy servers. These proxies allow attackers to steal usernames and passwords when forms are submitted, or use victims' cookies to hijack already-authenticated sessions.

The attacks rely on malicious proxy auto-config (PAC) scripts, which are remotely hosted and instruct a victim's web browser to proxy certain requests according to the specified configuration. Other requests are left untouched and end up being transmitted directly to the intended websites. The selective behaviour could perhaps be an attempt to limit the amount of traffic an attacker would need to process to extract sensitive information; alternatively, it could be an attempt to make detection more difficult — the results from services such as whatismyip.com may not be indicative of whether or not traffic was being intercepted..."
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Not to minimize the potential of this attack (if even possible), but...

"Alternative methods of attack include somehow enticing users to manually edit their proxy settings ...
I'd inadvertently kill my connection every time I fell for that.
Now all it takes is just a few clicks of their proxy-auto-config.exe

...or manipulating the settings via malware running on the user's computer.
They must consider themselves geniuses.
Hijack or register enough web space to host phish content spoofing multiple banking sites, drop malware on users' systems, have malware tamper with proxy settings & POOF! start abusing.
Or just have the malware drop a keylogger.

"Similar malware-driven attacks have been around since 2008 and offer the attacker the additional advantage of being able to ensure that the malicious proxy settings cannot be tampered with."
Who in their right minds would need or use malicious proxy settings to attack banking credentials when malware with Admin rights is present?
Maybe a writer trying to fill blank space?
I'm not sure if I could be less concerned over this 'threat' than I am.


NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to antdude

Wouldn't the proxies need a trusted cert? Otherwise the user is going to get a cert warning.

And if it's not a secure site then shame on both the user and site operator for exchanging unencrypted sensitive information.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
That's a part of my skepticism in seeing "deployment of malicious scripts which direct webmail and online banking traffic through rogue proxy servers." as a threat.
From a practical view this threat isn't going anywhere.
The matter of a cert is going to be present just as it would in a typical phish site irrespective of how the intended victim landed there.
There are too many components that need to be in place without any reward beyond what a simpler, typical phish delivery & implementation would require.
With email being the prevalent delivery method, why link to a site that will "rely on malicious proxy auto-config (PAC) scripts" to fool a user that has already opened, read & complied with an email's request to follow a link?
Short story: This technique would reduce the phish victim count if it were used in lieu of a straightforward emailed link to a spoofed banking site, for the sole reason that the malicious script would have a failure rate that would skim off the top of the potential victim pool.


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
reply to antdude
said by antdude:

»news.netcraft.com/archives/2013/···oxy.html from »it.slashdot.org/story/13/02/17/0···-proxies

"Netcraft's toolbar community has reported an increase in the deployment of malicious scripts which direct webmail and online banking traffic through rogue proxy servers. These proxies allow attackers to steal usernames and passwords when forms are submitted, or use victims' cookies to hijack already-authenticated sessions.

The attacks rely on malicious proxy auto-config (PAC) scripts, which are remotely hosted and instruct a victim's web browser to proxy certain requests according to the specified configuration. Other requests are left untouched and end up being transmitted directly to the intended websites. The selective behaviour could perhaps be an attempt to limit the amount of traffic an attacker would need to process to extract sensitive information; alternatively, it could be an attempt to make detection more difficult — the results from services such as whatismyip.com may not be indicative of whether or not traffic was being intercepted..."

I'm sure it's been said many times... Trusteer Rapport
»www.trusteer.com/

I use it as an additional layer of security... Rapport isn't like the Rapport of yesterday... the app gets along w/ NISS and MalwareBytes Pro just fine... I understand the reference to 2k9... however... the app has been re-developed constantly.
I'm certain there are malicious apps that can penetrate it... but every little bit helps.

IE9/FF18.0.2... both function w/o any noticeable performance issues.

from the site:
"Why Rapport?

"A recent test of best-of-breed anti-virus vendors and Web browser anti-phishing filters revealed that more than half of active malware and phishing threats on the Internet go undetected, with an average detection rate of 37 percent for malware and 42 percent for phishing." Cyveillance, February 2009

Recent malware is capable of stealing your login credentials to online banking, brokerage, shopping, ecommerce, email, and social networking websites. Even if the site is deemed "secure", fraudsters can use your online account to execute unauthorized transactions, place orders, send emails, and much more.

Trusteer Rapport works standalone or alongside any desktop security solution. It hides your login credentials and web communication from any type of malware and prevents unauthorized access to your accounts. You should use Rapport even if your computer runs the most updated antivirus solution."
--
101ST ABN Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV SOG, 160TH AVN SOG, Death From Above, VFW, AmLegion


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
said by Phoenix22:

I'm sure it's been said many times... Trusteer Rapport
»www.trusteer.com/

I use it as an additional layer of security... Rapport isn't like the Rapport of yesterday...

Much can be learned from the mistakes of yesterday if they're willing to own them, but yup, it's about choice, deciding what's right for your mix.

Imagine an online banking world where Trusteer Rapport was mandatory?
From the first of 2 case studies available @trusteer

Future Plans
The Bank is so confident in Trusteer that it is planning to make the use of Trusteer Rapport mandatory for its commercial customers, in order to protect them from account takeover fraud. Old National Bank is looking at Trusteer solutions for other channels as well.

»buildingtrust.trusteer.com/Old-N···y?src=hp

From a personal view I wouldn't support any company "offering" a mandatory program to run on my PC's.
From a technical view, shit happens.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
You know, it's funny. My bank states they will refund any monies due to fraudulent access to my account online. Yet, they offer Trusteer to use.

It seems this is geared more to mitigating the bank's loss than it is my security or safety. JMO, of course.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
said by Juggernaut:

You know, it's funny. My bank states they will refund any monies due to fraudulent access to my account online. Yet, they offer Trusteer to use.

What's funny is the option to refuse replacing funds they're supposed to be safeguarding isn't theirs to make.
Not yet anyway.
said by Juggernaut:

It seems this is geared more to mitigating the bank's loss than it is my security or safety. JMO, of course.

Well it is their loss.
Some smaller regional banks are either presently getting, or at risk of getting, the sh*t kicked out of them & some of them will grab at anything that floats by with a pulse.
It also gives the larger brands the feeling that they are doing something constructive, IMO.
Where's the downside?
Plenty.
From shit happening to a general acceptance that an online banking app is so hard/bulletproof that a consumer NOT using the app should be responsible for any loss due to online fraudulent activity.
That's just the start.
Once that hurdle has been met, efforts will be made to make the consumer take responsibility for all loss due to fraud.
Banks profit from moving in person transactions to online transactions while losing profits due to online fraud.
Long-term short story prediction: The cake & eat it thing, with the consumer eating the loss while the bank eats its cake.

Of course this is personal opinion & in no way reflects the opinion of any person, rational or logical...


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
Precisely. Nailed on the head.