Saturday, March 22, 2008

Malware installation attempt via phishing

I got this email yesterday and it immediately caught my attention, maybe due to the recent news about malware being installed via legitimate website. Or maybe most of the previous phishing attempts were about stealing username/passwords. This one is about installing something on their machine (which i am sure is some sort of malware). This might be a shift in the approach and of course it makes a lot of business sense for bad guys too. Why steal username/password of one site when you can install a keylogger and get hell of a lot more information. Moreover, this is also less effort on the part of phishers since they don't have to go through the hassle of setting up the phishing site (no matter how automated it has become for them) and the window of attack could be bigger then the traditional phishing approach.

I think their new motto is "if they are dumb enough to enter their username/password, then they are dumb enough to install a malware".

Check out the email below and please be very careful with the link.


From: "Bank of America"
Date: March 22, 2008 5:59:08 AM PDT
To:
Subject: important reminder: digital certificate issued

Dear Bank of America Direct User:
Our records indicate that a new digital certificate has been issued to your Bank of America Direct user ID.
Digital certificates are computer-based records issued to individual user IDs that allow Bank of America Direct to validate your identity and protect your information from unauthorized access. In order to access Bank of America Direct, you must use a valid digital certificate.

Installation Instructions
To install your newly-granted digital certificate, please access the Digital Certificate Pick-Up site at:

http://direct-certs.bankofamerica.com/direct/certpickup.asp?session=971974397406832591921867087087815132658676515377821210267
Actual Url - http://direct-certs.bankofamerica.com.vllrvop.mobi/direct/certpickup.asp?session=971974397406832591921867087087815132658676515377821210267


Please have your Bank of America Direct login information readily available when completing this process.
Should you have any questions regarding this process, please consult your Company Administrator or contact your regional customer support center for further assistance.

Sincerely,
Bank of America Direct Technical Care Center

NOTE: This is an automatically generated communication.


Thursday, March 06, 2008

WASC meetup at RSA


RSA conference is around the corner and a lot of people from the webappsec field would be coming over to the conference. This is a perfect opportunity to meet with your peers. To facilitate that, WASC is organizing a meetup on April 9, 2008 12pm to 2pm. Whitehat Security has graciously accepted to sponsor the event. Please click on the image to see a larger version of the invite.

Last year WASC meetup @RSA
http://myappsecurity.blogspot.com/2007/02/today-at-wasc-meetup-quite-lot-of-crowd.html