This article doesn't talk about the techniques used by the spammers. An email that came out a little while ago has a link that sends the victim to a server on the web that uses JAVA to turn the machine into a PROXY like system. The other end of the proxy is the financial instituion's website. The victim actually is looking at the real website of the institution they may have an account on. When the user logs in, the "PROXY" site collects the information and the crackers use it at another time. The victim can log on to their account and do anything they want, but all activity could be logged. I received one of these emails and collected all the JAVA files from the server for analysis. Also, I have a list of server IPaddresses that have been used in the last month. I even called the financial institutions customer service with hopes of being sent to their fraud service, but the person wouldn't connect me through to them.

If there are any law enforcement services out there wishing to see this information, please post a follow-up to this message and I will discuss the information to you. I will share all file data with you once your identity and affiliation has been verified.

All clients of financial instutions need to be made aware of this "man-in-the-middle" type attack. The normal user would not recognize it if they saw it.

Thanks,

Metzelplik

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/8289/25508#25508