Digital Transactions Authoritative, insightful and timely information for payments professionals
Up to now, phishing schemes only worked if the fraudsters could entice recipients of their e-mail to visit transaction sites tricked up to look like the real thing, such as a fake eBay site or spoofed online banking site. The sites would collect login and other confidential information the criminals could use to defraud their victims or sell to other fraudsters. But now a piece of malware discovered last week has changed the phishing game in alarming ways. The malware loads on victims' computers automatically when they open the bogus e-mail and then makes changes that redirect the victims to faked sites even when they enter the Web address of the real site, or click on the site's bookmark. MessageLabs, a U.K.-based security firm that discovered the new phishing scheme, says the malware has so far targeted only three banks in Brazil, and has circulated in small numbers. “It's a proof of concept, to see if it's going to work, to see how many hits it will get, and to see how many machines are vulnerable,” says Maksym Schipka, senior anti-virus researcher at the firm. “But the idea could very easily, within a half a minute, be applied to any bank you could think about.” The malware, which exploits a flaw in Microsoft's Internet Explorer browser, substitutes the IP addresses of criminals' machines for the ones properly associated with banking sites or any other sites likely to require login or account data to view accounts or perform transactions. Thus, users who type in a URL or click on a familiar bookmark will go to the phish site instead of the real one. The e-mail itself may contain nothing or just nonsense, since the payload rather than the message is what is important to the fraudsters. Schipka says Microsoft released a patch for the vulnerability about four months ago, but an untold number of machines have not installed it. “It's difficult to speculate [how many machines are vulnerable],” he says. “But it's many more machines than one would expect.” Schipka fears that once the criminals behind the malware have completed their “proof of concept” test, they could unleash an e-mail blitz containing the bug. “If they are happy with the statistics they are getting, they can start doing 'miracles,'” he says.
