Alex Shipp, Senior Anti-Virus Technologist at MessageLabs, stated that this new attack is unique because ?Previous phishes relied on luring the victim to a website using social engineering. If the victim did not bank with the particular bank mentioned in the email, the phish would not succeed.? He continued with ?This one silently changes the hosts file on the PC so that a number of bank sites are redirected to fake sites.
The next time the victim does any online banking they are at risk, and because they initiate going to the bank web site, their guard is likely to be down.?
Shipp points out that these latest attacks rely on exploiting known Microsoft vulnerabilities. He recommends that users keep their computers properly patched and updated. For the banks or companies targeted by such attacks Shipp says there is not much they can do to protect their customers aside from working aggressively to get any known fraudulent web sites removed from the Internet as quickly as possible.
?I think if this takes off though, things will become very difficult. I expect it to be very difficult to explain to a non-technical person what their 'Hosts' file is, where to find it, and how to make sure it has not been compromised", concluded Shipp.
To protect your computer and yourself from being victimized by such attacks you should follow basic security practices such as those discussed in Security Basics in a Home Computing Environment and the advice in Protect Yourself From Phishing Scams.
Awareness of new attack techniques and specific malware that exploit those techniques can also go a long way to helping you protect yourself. You should refer often to web sites such as this one or the About.com Antivirus Software web site to stay informed about emerging threats.
The next time the victim does any online banking they are at risk, and because they initiate going to the bank web site, their guard is likely to be down.?
Shipp points out that these latest attacks rely on exploiting known Microsoft vulnerabilities. He recommends that users keep their computers properly patched and updated. For the banks or companies targeted by such attacks Shipp says there is not much they can do to protect their customers aside from working aggressively to get any known fraudulent web sites removed from the Internet as quickly as possible.
?I think if this takes off though, things will become very difficult. I expect it to be very difficult to explain to a non-technical person what their 'Hosts' file is, where to find it, and how to make sure it has not been compromised", concluded Shipp.
To protect your computer and yourself from being victimized by such attacks you should follow basic security practices such as those discussed in Security Basics in a Home Computing Environment and the advice in Protect Yourself From Phishing Scams.
Awareness of new attack techniques and specific malware that exploit those techniques can also go a long way to helping you protect yourself. You should refer often to web sites such as this one or the About.com Antivirus Software web site to stay informed about emerging threats.
SHARE
