Full Disclosure mailing list archives

Re: New Phising attack FUD or Real?


From: Peter Besenbruch <prb () lava net>
Date: Thu, 04 Nov 2004 13:03:33 -1000

Dave King wrote:

> There have been several sites that have announced a new phishing
> attack that's been found in Brazil that rewrites the hosts file so
> that when certain bank urls are entered they get directed to the site
> in the hosts file rather than look it up on their DNS server....

> Let me know if I'm wrong and other mail clients would be vulnerable
> to this attack or if SP2 machines are vulnerable.  I also believe it
> is a good idea to disable WSH unless you need it (as it's a good idea
> to disable anything you don't use).

> Here are links to several stories about this new phishing scam.

Here is another, and it answers some of your questions:
http://www.theregister.com/2004/11/04/phishing_exploit/

The short answer is XP, SP2 is not vulnerable. Neither is any e-mail
program that blocks Javascript in an e-mail. It also helps if the e-mail
program doesn't use, or support ActiveX.

> The only article that seems to say anything about patched users
> being protected that I could find was this one:
http://software.silicon.com/security/0,39024655,39125549,00.htm

In fairness to Microsoft, recent versions of Outlook and Outlook Express
allow you to block the execution of scripting in an e-mail message,
indeed, they are set to block scripts by default.
________________________________________________________________

Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

