[IP] Increasing sophistication of phishing spammers
Begin forwarded message:
Date: Tue, 23 Nov 2004 10:08:28 -0600
From: Dan Wallach <dwallach@xxxxxxxxxxx>
Subject: Increasing sophistication of phishing spammers
I recently received a spam message claiming to be a response, forwarded
to me via eBay, in regards to an item I was auctioning. Of course, I
have no auction going on eBay, making it obviously fake. The message was
an HTML message and included numerous in-lined images from
pics.ebaystatic.com, helping make the message appear more real. A link
at the bottom, attached to a "Respond Now" button (which users might
presumably click to helpfully say "you got the wrong person") takes you
to an IP address that has nothing to do with eBay and which feeds you a
recent JavaScript exploit against Internet Explorer. That JavaScript
appears to be in Unicode (making it annoying to look at with Emacs), and
further contains a hex-encoded message which is decoded with
JavaScript's "unescape" operator. The exploit is designed for Internet
Explorer, but caused Firefox 1.0 to wedge. I had to restart it.

This particular spam seems intended to take over machines, presumably
for zombie purposes. I've gotten other spams that similarly inlined
"real" images to lure unsuspecting users toward credit card information
phishing sites.

Issue #1: eBay and similar companies should eliminate these public
servers that serve up static images for e-mail and should pay attention
to referrer information to refuse images being sent to pages other than
their own. Make the spammers work harder to make their pages look
"real". They'd either need to set up their own static image servers, or
they'd need to embed the images in the spams as MIME attachments, making
the spam larger and reducing the number of spams they can send with a
given amount of bandwidth.

Issue #2: I get plenty of legitimate e-mail from companies with which I
do business, such as my preferred airline, car rental, and credit card
vendors. All of them have my e-mail address and occasionally have real
reason to send me messages (e.g., I like getting an e-mail copy of my
travel itinerary). Even those companies, however, occasionally send me
"promotional" messages and such, even though I always go out of my way
to select the "don't e-mail me" option. As long as we're using e-mail
for business purposes (either in response to actual business, like when
I reserve a plane ticket, or "promotional"), then we're going to have
spam that imitates this legitimate mail. Probably the only true answer
is for eBay, my credit card company, and all of these other vendors to
start digitally signing their mail. S/MIME has been integrated in modern
e-mail systems since 1996 or 1997. It's time for these firms to use it.
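
Added example, not part of the forwarded message: a mail-filter heuristic for the pattern described above, where an HTML body pulls images from a brand's static host while a link points at a bare IP address. The function names, the brand-host list and the sample bodies are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: image hosts the filter treats as belonging to a known brand.
BRAND_IMAGE_HOSTS = {"pics.ebaystatic.com"}

class _UrlCollector(HTMLParser):
    """Collect <img src> and <a href> URLs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return ""

def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(html_body):
    """Return links to raw IP addresses in a body that borrows brand images."""
    parser = _UrlCollector()
    parser.feed(html_body)
    if not any(_host(src) in BRAND_IMAGE_HOSTS for src in parser.images):
        return []
    return [url for url in parser.links if _is_ip_literal(_host(url))]

# Constructed sample bodies; 192.0.2.10 is a documentation-only address.
PHISH = ('<img src="http://pics.ebaystatic.com/logo.gif">'
         '<a href="http://192.0.2.10/respond">Respond Now</a>')
LEGIT = ('<img src="http://pics.ebaystatic.com/logo.gif">'
         '<a href="http://www.ebay.com/respond">Respond Now</a>')

if __name__ == "__main__":
    print(suspicious_links(PHISH), suspicious_links(LEGIT))
```

The check only recognises dotted IPv4 and bracketed IPv6 literals, so it is a triage signal for a filter, not a replacement for the sender authentication the message asks for.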