Four browser nets and one phish
Not all browser nets can catch the same phish. One Friday evening, just before I wanted to go home, I received an interesting email.
It contained sentences like "We recently reviewed your account, and suspect that your PayPal account may have been accessed by an unauthorized third party" and words like "protected", "security" and "unauthorized". Of course, at the end of the email, there were directions to click on a "Paypal" link to update information like login name and password.
Of course, everyone knows about phishing these days. What was really interesting were the clever ways they wrote the code to make the link to their phishing site more discreet. So I decided to see what major browsers such as Microsoft Internet Explorer, Google Chrome, Opera, Mozilla Firefox, and Apple's Safari would do if I tried to click through. I used their code, just substituting avast.com for the malicious malware site.
I started out with Internet Explorer, version 8.0.6001.18702. This pleasantly surprised me as it blocked my attempt to click on this link.
The second browser tested was Google Chrome, version 13.0.782.107. When I moved the mouse over the link, it showed me that the link goes to avast.com.
But when I clicked on the link, it directly took me to the avast.com site without a warning.
Opera, the third tested browser, behaved similarly to Google Chrome. When hovering over the link, it indicated that something was suspicious, but after clicking, I was redirected without any warning.
The fourth browser was Mozilla Firefox. With the older version 3.6.18, you need really good eyes to see that there is something wrong.
In the latest version 5.0.1, you can find that developers have focused on this problem.
The last browser tested, but not the least, was Apple's Safari. When I clicked on the link, it showed me a huge warning that the link could be used for phishing.
The moral of the story is this: There are a lot of smart phish in the ocean - and they are getting better at looking more legitimate. And, in at least this single case, there was a wide difference between individual browsers' ability to identify suspect code and warn users about potential problems. Security against these attempts still remains the responsibility of the individual computer user.