funsec mailing list archives

RE: Sunbelt: Anatomy of a Malicious Host File Hijack


From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 12 Jan 2006 09:21:12 -0600

Fergie wrote: 

http://sunbeltblog.blogspot.com/2006/01/anatomy-of-malicious-host-file-hijack.html

I wanted to put this out on the table for everything, I would enjoy your
input. Most of the time, I set my HOSTS file to read-only in Windows XP.
I understand this is a very simple thing to do and it could be easily
bypassed, however...are these trojans and major host file hijacks so
focused on the default setups, that a simple customization could throw them
off??

Also, I have a couple of other ideas for this "Security thru
Customization" idea. I look at it like I do "Security Thru Obscurity".
Customization by itself is not a security measure, but when used in a
defense in depth idea, it can be very helpful.

One example. Around a month ago, a friend and I ran into a very tricky
Paypal phishing site. It was using one of those pretty advanced IE
Toolbar tricks. We ended up reporting over 20 exposed CC/Paypal
accounts.

The trick was very clear to me because it moved my address bar down to
the "default" space. I normally move my toolbar up on the same line as
the "file, Edit, view, etc". I know this is very simple and shouldn't be
looked at as a security countermeasure but it does have its uses.

Can anyone think of another "Security thru Customization" event that has
happened to help them notice something wrong...or something was fake?? I
would like to get some stuff together and write-up a blog entry. Thanks
in advance.

-Todd


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

