Wednesday, September 14, 2011

Phishing Infrastructure & Modus Operandi

A study on phishing domains and phishing infrastructure. Phishing websites are short-lived, with lifetimes ranging from 55 minutes to 3 days.
http://www.usenix.org/events/leet08/tech/full_papers/mcgrath/mcgrath_html/

Pharming Attack on Brazilian Banks

RSA Report June 2011:
"A typical local pharming Trojan consists of standard malware strains that modify a victim's hosts file or intercept a machine's IP-resolution process. By changing the hosts file of a computer, specifically the IP address associated with a website, the victim is redirected to a phishing website set up to capture specific information, such as online banking credentials, which are then sent to the criminal."

Read more:
http://www.rsa.com/solutions/consumer_authentication/intelreport/11439_Online_Fraud_report_0611.pdf
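A defender's check for the hosts-file variant the report describes, as an added example (not code from the RSA report or this blog): it parses a hosts file and flags entries that pin a watched domain, the symptom of a local pharming Trojan. The watch-list names and the sample hosts file are constructed placeholders.

```python
import ipaddress

# Assumption: the defender keeps a watch-list of domains that must only ever be
# resolved through DNS. Placeholder names, not real banks.
WATCHED_DOMAINS = ("example-bank.com", "examplebank.com.br")

def parse_hosts(text):
    """Yield (lineno, address, [hostnames]) for every active hosts-file entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        parts = line.split()
        if len(parts) >= 2:
            yield lineno, parts[0], [h.lower() for h in parts[1:]]

def _is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def suspicious_entries(text):
    """Return (lineno, hostname, address, reason) tuples worth an analyst's look."""
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, " ".join(hosts), ip, "unparseable address"))
            continue
        for host in hosts:
            if _is_watched(host):
                # A bank domain has no business in a static hosts entry at all,
                # whatever address it points to.
                findings.append((lineno, host, ip, "watched domain pinned in hosts file"))
            elif addr.is_global:
                # LAN names, loopback and 0.0.0.0 sinkholes are routine; a public
                # address for an arbitrary name deserves review.
                findings.append((lineno, host, ip, "hostname pinned to public address"))
    return findings

# Constructed sample hosts file; line 5 mimics a pharming modification using a
# documentation-range (TEST-NET-3) address.
SAMPLE_HOSTS = "\n".join([
    "127.0.0.1   localhost",
    "::1         localhost ip6-localhost",
    "192.168.1.10  fileserver.corp   # LAN host, routine",
    "0.0.0.0     ads.example.net     # ad-blocking sinkhole, routine",
    "203.0.113.45  www.example-bank.com example-bank.com",
])

if __name__ == "__main__":
    for lineno, host, ip, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip}: {reason}")
```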

RSA Online Fraud Report, Feb 2010


"Online crime is constantly evolving and fraudsters do not discriminate against any organization or person. Online attacks involving phishing, pharming and Trojans represent one of the most organized and sophisticated technological crime waves worldwide. Online criminals work day and night to steal identities, online credentials, credit card information, or any other information that they can efficiently monetize. They target organizations in all sectors, as well as any person who uses the Internet at work or at home.

These online criminals also have new tools at their disposal and are able to adapt more quickly than ever with advanced crimeware, rapidly deployed using stealth mechanisms. Their supply chains have evolved to match that of the legitimate business world, including the ability to provide what RSA coined “Fraud-as-a-Service”."

-- RSA Online Fraud Report, Feb 2010
http://www.rsa.com/solutions/consumer_authentication/intelreport/10763_Online_Fraud_report_0210.pdf

Thursday, September 8, 2011

Phishing Techniques

The Honeynet Project has captured data on three different types of phishing techniques:
1. Compromising web servers
2. Port redirection
3. Using botnets
Details at:
http://www.honeynet.org/node/89

Monday, September 5, 2011

Simple Shellcode Obfuscation

http://funoverip.net/2011/09/simple-shellcode-obfuscation/

Gives practical information on how shellcode can be obfuscated using Perl scripts to evade anti-virus and IDS detection.
The deobfuscation technique is also explained.
Obfuscated shellcode must be deobfuscated at run-time; the deobfuscation stub, given in assembly language, does this automatically when the code executes.

Thus real-time analysis of the running code (rather than static inspection of the obfuscated bytes) will reveal the real behaviour of the shellcode.

-Joseph Ponnoly



Saturday, September 3, 2011

Phishing Activity Trends - 2H 2010

The Anti-Phishing Working Group's Report on Phishing Activity Trends for the 2nd Half of 2010 is linked below:
http://www.antiphishing.org/reports/apwg_report_h2_2010.pdf

Joseph Ponnoly

Banking Scam Revealed - Symantec


The link below gives a detailed account of Symantec's analysis of a phishing email scam involving CitiBank.
http://www.symantec.com/connect/articles/banking-scam-revealed

-Joseph Ponnoly

Phishing Threats

Computer users receive emails purporting to come from their bankers or friends, asking them to update their personal information by clicking on links provided in the mail. They take it for granted that these are genuine mails and in good faith click on the links. The phishers, who are organized criminals, redirect the users to malicious websites and harvest their personal information. The users ultimately become victims of identity theft, financial fraud and even more serious crimes leading to blackmail, murder, and so on.

Phishing attacks engineered by criminals through the medium of phishing emails ultimately lead to loss of consumer confidence in online transactions that include financial transactions and social interactions through Facebook and other social networking sites.

This is an attempt to survey the phishing threat landscape, to identify the criminal groups and their modus operandi and to understand the impact of phishing on online users.

-Joseph Ponnoly