Web 2.0 Phishing Leading To Multi-Vector Attacks
Author: newsroom
February 2009 - During 2008, online fraudsters worldwide demonstrated their adaptability by defeating a range of email and Web filtering services offered by different security vendors. From the fraudsters' perspective, the attack strategy includes more than registering fake accounts or email addresses, sending mass emails over the Internet, infecting thousands of user machines, and stealing information. It also involves switching things up with a combination of different tactics, all with a consistent goal of targeting or reaching their prospective users over different areas of the Internet.
Online fraudsters have continued to increase and expand their efforts, increasing the sophistication of their attack strategy by using Web 2.0 functionality. Their apparent goal is to expand their threatscape over various Web-based services.
In a Web 2.0 world, users are given privileges such as the ability to create content, edit HTML directly, upload files, and distribute content. Blogging, commenting, and similar methods of information exchange collectively form a significant and widely used segment of the Web 2.0 space. This power is being abused by fraudsters to carry out user-targeting attacks that pose a direct threat to the Web 2.0 space, and also have a significant impact on other Web and email-based services.
Fraudsters have been constantly improving their underground ecosystems and adopting different attack strategies to target unsuspecting users. This trend has increasingly affected various popular services provided by major players in the Internet's email, Web, and Web 2.0 arenas.
Recently, attackers have used a combination of Web 2.0 functionality and the abuse of various Web-based services to drive their attacks.
Abuse of Web 2.0 functionality (Google's Blogger Phishing)
Older attacks abuse Google's Blogger service directly, using Anti-CAPTCHA operations to create and register fake accounts that are used to carry out attacks. Such attacks have proven successful, relying on the trusted reputation of Google's services. Newer attacks, however, aim to increase the lifetime and scope of the attacks. These attacks rely on the trusted reputation of different, legitimate Web-hosting service providers.
The phishers and malware authors have started phishing Google's popular Web 2.0 service Blogger. Fake blogs (blog pages) are created and published that appear identical to Google's Blogger, but are not owned or hosted by Google's services. These phishing pages are designed to appear legitimate.
Most of the code is standard HTML (per Blogger styles), with stylesheet information for formatting the page and the structure. Multiple faux-Blogger phishing pages (showing attackers' customized content) are created, along with multiple spam blogs (splogs) and spam blogospheres (splogospheres). These are heavily interlinked, and hosted on various legitimate Web-hosting services.
The following screenshot shows a fake "Blogger" phishing page, consisting of a spam blog (splog) hosted by a non-Google Web-hosting service provider. The fraudsters have included references to legitimate services in their splogs and splogospheres to target unsuspecting users. These tactics are used to increase the chances of success with their attacks.
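A defender-side check for the pattern described above, as an added example that is not part of the original article: it flags pages that carry Blogger-style markup but are served from a host outside Blogger's own domains. The marker patterns, the domain allowlist, the threshold and the sample HTML and URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as genuine Blogger hosting.
GENUINE_SUFFIXES = ("blogger.com", "blogspot.com")

def host_is_genuine(url):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GENUINE_SUFFIXES)

def blogger_markers(html):
    """Return the Blogger-style markers (assumed, illustrative) seen in the markup."""
    found = []
    for tag in re.findall(r"<meta\b[^>]*>", html, re.I):
        if (re.search(r"name\s*=\s*['\"]generator['\"]", tag, re.I)
                and re.search(r"content\s*=\s*['\"]blogger['\"]", tag, re.I)):
            found.append("generator-meta")
            break
    if re.search(r"powered\s+by\s+blogger", html, re.I):
        found.append("powered-by-text")
    if re.search(r"(?:href|src)\s*=\s*['\"]https?://(?:[\w-]+\.)*blogger\.com/", html, re.I):
        found.append("blogger-link")
    return found

def assess(url, html, threshold=2):
    """Flag Blogger-looking pages that are not served from Blogger domains."""
    markers = blogger_markers(html)
    lookalike = len(markers) >= threshold and not host_is_genuine(url)
    return {"url": url, "markers": markers, "lookalike": lookalike}

# Constructed sample page; not taken from any real site.
SAMPLE_HTML = """<html><head>
<meta content='blogger' name='generator'/>
<title>My Blog</title></head>
<body><a href="https://www.blogger.com/">Powered by Blogger</a></body></html>"""

if __name__ == "__main__":
    for url in ("http://blogspot.com.free-host.example/post.html",  # constructed
                "http://someblog.blogspot.com/"):                   # constructed
        print(assess(url, SAMPLE_HTML))
```

The suffix comparison is done on the parsed hostname, so a host that merely begins with or contains a Blogger domain name is still treated as foreign. A single marker is not enough to flag a page, since ordinary sites also link to Blogger.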