back to article You're not cool enough for some malware

As part of a review of phishing in 2012, RSA has outlined how phishers are now using “whitelists” to narrow down their attacks. In what the company calls “bouncer list” phishing, RSA writes that attackers are now using “black hat whitelists”. Only those on the target list will see the malware page crafted by the attackers ( …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    That's really cunning...anyone investigation wouldn't see anything unless they were using the victim's computer/IP.

  2. Anonymous Coward
    Anonymous Coward

    *investigating...DOH!

    1. frank ly

      @moiety

      You can edit posts now. Go to 'My Posts' to see the 'Edit' button under your post. It's active for some minutes after you create the post. I think it deletes the original post to indicate that an edit has been made.

  3. John Tserkezis

    That explains why I've been seeing a clear drop in quality of email malware coming in over the past few years.

    Not only can they no longer spell correctly, they don't even bother with correct formatting - both with the fake HTML email pages and the text-only equivalent.

    Heck, many don't even bother obscuring the target malware links within html so they would "look" right on the mail client page... Even the ones that take to you pwned websites don't have web pages that look like the bank they're supposed to emulate.

    Worst of all, THOSE are the ones that we're warned about in media here in australia.

    (shakes head) they just don't put any effort into it anymore...

    1. auburnman

      I don't know, I've been seeing some really well formatted and worded phishing emails of late pretending to be Paypal; the only clues were the lack of use of my name and the attempt to get me to click on a link in the email. It was worryingly convincing enough that I thought I could have fallen for it if I'd been sleepy or having an off day. It makes me concerned that the amount of less aware tech users amongst us being scammed could increase.

  4. jake Silver badge

    "Cool enough?"

    Surely you mean "stupid enough"?

    Just askin' ...

    1. DF118
      Go

      Re: "Cool enough?"

      I'd go for "on balance of probability, rich enough and stupid enough"

  5. Franklin

    Yep, I've seen these.

    I've also seen the malware pages check the browser user-agent to make sure it's a vulnerable browser and/or the targeted platform.

    Visit the site without the validation string that's included in the email link, you see a 404. Visit the site with your browser user-agent set to, say, Linux Firefox, you see a 404. Visit the site with the correct validation string and your browser user-agent set to IE 7, you get a drive-by download attempt.

This topic is closed for new posts.

Other stories you might like