funsec mailing list archives

RE: The end of Phishing in sight?


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 18 Oct 2005 10:50:39 -0400

The economics of this approach are very costly to the fraudster.

I don't think the technology and manpower are very costly at all.  The bad
guys just need to write a couple of scripts.  One script at the phishing Web
server sends the login information to an operator's computer.  The second
script, running on the operator's computer, receives this information and
automatically logs into the online bank account.  It then beeps the operator
to start stealing money.  The operator can even work as a contractor for the
fraudster.  Given the payback, fraudsters will quickly implement these kinds
of systems.

The script that runs on the operator's computer can easily be written in less
than 100 lines of JavaScript running as an HTML application (.HTA).  It
uses XMLHTTP to poll for login information and an ActiveX interface into IE to
automate the login process.

This demo would make for great TV.  The camera would show a "victim" going
to a phishing Web site and a second computer belonging to the "bad guy" logging
into the real online bank account.

Richard 