The use of exploit kits is allowing phishing fraudsters to develop scams that only rely on tricking prospective marks into clicking a link, rather than submitting all their details to a bogus website. Many recent phishing runs spotted by Trend Micro have made use of the notorious Blackhole Exploit kit. The hacker favourite is …
Accept my cookies
The floating around 'will you click to accept the cookie' banner that most sites including El Reg use could be used for nefarious purposes could it not.
Now ask me why ...
... I advocate ASCII text email readers. The friends & family I take care of haven't seen email-delivered exploits in over two decades.
Why? Because email is text. It's just ASCII. You read it, and possibly respond to it. But you don't interact with it. It's store-and-forward, not here-and-now. Kinda like old-fashioned ink-on-paper letters ... but in pseudo real time.
Re: Now ask me why ...
I'd rather ask you why all of those people were online in 1992, less than two years after Sir Tim created HTML and before most people even had a machine that was capable of those feats of connectivity.
1998-2000 is when most people came online, 70 million (worldwide) at the end of 1997 became 361 million (worldwide) by the end of 2000.
Slight exaggeration, or do you have an unusual cluster of very early adopters gathered around you?
I ask, because they're all probably doing something now that the rest of us won't begin to seriously adopt for another 5-10 years and I'd like to train/invest.
Re: Now ask me why ...
Email exploits these days don't have infected code as an attachment or a script, they encourage you to visit a website that contains the payload. As a result, it makes no difference whether your email client is Outlook or an ASCII only client.
@chr0m4t1c (was: Re: Now ask me why ... )
"I'd rather ask you why all of those people were online in 1992"
My "friends & family" Sun 3/470 "Pegasus" has been in near continuous operation under Bryant Street in Palo Alto since 1988ish. We were using her to communicate then, and we still use her today. She has outlasted five "headless" laptop Slackware fallover boxen ... I honestly think I'll shed a tear or two when she finally goes titsup, even though I'm not prone to being emotional about hardware.
Prior to that, I had an AT&T 3B1 (or PC3700, aka "UNIX PC") in the same location (1985ish). Prior to that, I had a series of DEC PDP11 kit (first installed in the late 1970s, also in the same location). All were/are used for text communications via dialup for my family & select friends. Today, obviously, I augment dial-up with Internet connectivity. Yes, the system is fire-walled using modern technology.
@jonathanb (was: Re: Now ask me why ... )
Difference is, with an ASCII email client, the user has to copy & paste the address into the web browser ... so the user actually SEES the address before connecting to it.
On top of that, it actually takes an effort ... no "click & be had".
The user still gets the ASCII message intended by real correspondents.
"tricking prospective marks into clicking a link"
Until the average punter learns that he/she should not click on any link in any context unless they are certain of the site's or the e-mail's bona fides these scammers will continue to be on earners. It is not as if people are not being regularly warned about this kind of thing in the main-stream media - they are. I frankly speaking do not have any idea what can be done to get the average pc user to stop doing this. These issues have had loads of publicity all over, not just at sites like El Reg. It ought to be bloody obvious by now that "free porn", "you have won", "account cancellation alert", "update your account details" etc should ring very loud warning bells even amongst those whose IQ is challenged by their shoe size. I am not seriously suggesting that people should have to apply for a pc-license and take a test but sometimes the temptation to do so is overwhelming!
Re: "tricking prospective marks into clicking a link"
Part of the problem is that it is usually obvious to IT geeks when a link is suspicious but not so much for your average punter.
I use my mother as my average punter yardstick and she is completely clueless on this front no matter how much I try to train her. Put her on a New York/London street and she's got better street smarts than me, but it all goes out the window when she's on the PC. It took me a long time to break her of playing Pop-Cap free games and their ilk. Only accomplished it by getting her to switch to Zynga's FB games instead. At least there she's smart enough not to follow the links for free Farmville cash.
@Tom 13 RE "but not so much for your average punter."
Yes, this is in fact a real problem that I in my opinion is rooted in the education system. We are the last generation that have grown up with people for whom the pc is some "new thing". When I was a very little lad a much loved friend of our family was a very elderly gentleman for whom the telephone was something he hated and feared despite the fact that he was a chap of considerable intellect. This "technophobia" is something we have to address - though how we tackle it is something that I do any good suggestions for.
@Tom 13 : I should of course have made clear that I am in my middle fifties - that makes.......
...........my point about the time-line and "culture" issue I referred to rather clearer. That was the "we" I was speaking about. -:)
Which is why I stick to plain text email only.
I once nearly got caught by an HTML scam (on a webmail account.) I was expecting a message and a scam one came up, it was only a typo that alerted me.
I removed the webmail account from the service and now only use mail accounts that can be accessed via a plain text client for such purposes.
Get a good mailwasher
I been using Mailwasher Pro for many years which allows me to preview my e-mails on the mail-server before I download them. Any that I don't recognise can be deleted on the server and I never have to download it to my computer. If it's spam I have filters that automatically delete the e-mail and make me aware that the e-mail has been deleted, or that automatically delete the mail without me even knowing. Great for deleting spam based on keywords.
I dont think that changes anti phishing advice at all
"dont follow links from spam in your mailb wether its claiming to be your bank or offering you a bigger penis."
This new tatctic would rely on a recent unpatched drive-by vulnerability being available , rather than the old method which will work purely on user stupidity
Re: same ol
christ look at my typing on that last post.
I've either had too much coffee , or not enough
Re: same ol
"dont follow links from spam in your mailb"
The problem is that it's getting more and more difficult to identify the spam. It used to be identifiable by its bad spelling and punctuation, but what with the phishers becoming more literate and the banks more illiterate, that's no longer a reliable test.
I had some sex spam in my mailbox...
... but the quality of the writing proved they were no cunning-linguists
Blackhole preys on browser exploits?
> Blackhole preys on browser exploits, Adobe software bugs and most recently the latest Java vulnerabilities, a particular successful strategy since third-party software frequently goes without updates.
Nothing to do with the Underlying Operating System, which shall for ever remain nameless :)