Call out a phisher, get attacked by malware

• READ
• COMMENTED
• SHARED

• CallPlus unbundles Hamilton, offers 'data banking'
• Desktop Linux is still not happening
• Supercity ICT: how the vendors are placed
• Exclusive: Gen-i to launch iPhone sales, support
• Government outlines rural telecommunications plan

• Deskop Linux is still not happening
• CallPlus unbundles Hamilton, offers 'data banking'
• IE9 proves Microsoft is back in the browser battle, says analyst
• Gen-i to launch iPhone sales, support
• Government outlines rural telecommunications plan

• ‘Veneer’ of integration likely for Auckland
• CallPlus unbundles Hamilton, offers 'data banking'
• Some subtle tips for standout interviews
• Forum: The enigma that is the Supercity
• Broadband use grows; mobile internet still to take off

 

• Gartner: Spending on external service providers to increase
• Stepping forward
• The end of an ‘arranged marriage’?
• Let it reign
• ‘I was a CIO’

 

• SUBSCRIPTIONS
• NEWSLETTERS
• NEWSFEED

Computerworld is New Zealand's only specialised information systems fortnightly.

Subscribe now for $97.50 (24 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Subscribe to Computerworld's
RSS newsfeed here and get news stories as they break.

• Is Rock Phish cybergang set for a comeback?

Users tired of phishing attacks who retaliate by talking back are being targeted with exploits designed to hijack their computers, a security researcher says.

In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of the username or password, says Joe Stewart, director of malware research at SecureWorks.

Users who know better than to divulge their online banking username and password in the forms linked from phishing emails, but who use words such as "phish" or a wide range of what Stewart calls "bad language," are targeted for a follow-on malware attack.

"The phishers are looking for three things," says Stewart. "First, if you don't fill out the form completely, second, if you use the term 'phish'. And three, if you use any kind of bad language."

Although users who talk back will sidestep the identity theft, they may be at risk from the second-round attack, which is launched by a recent version of Neosploit, a well-known multi-exploit attack kit often used by hackers.

Users who have not kept Windows up-to-date, or applied patches for popular browser plug-ins, such as QuickTime and Flash, will be vulnerable to the Neosploit attacks, Stewart says.

More people than you would think blast back at phishers in the log-in screens, Stewart says, noting that when SecureWorks locates data obtained by phishers, it often includes a "fair amount" of profanity and other uncomplimentary comments. "People think, 'While I'm at it, I might as well take some retaliatory action'," says Stewart.

The Asprox botnet contains at least 50,000 compromised computers, maybe more, Stewart estimated.

"I can't recall seeing an attack quite like this before," he adds.