Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - New Phishing Toolkit Uses Whitelisting To 'Bounce' Non-Victims->

Submitted by
chicksdaddy
chicksdaddy writes "Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims.

The new toolkit, dubbed “Bouncer,” was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia in recent weeks. It allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a “404 page not found” error message.

Other phishing kits have used IP address blacklists to block anti malware companies from viewing their malicious pages, but this is the first known use of whitelisting, RSA said.

The phishing attacks that RSA technicians discovered that used the Bouncer kit were designed to harvest login credentials from financial services firms. The whitelisting feature may well work, especially given the volume of potential phishing pages that security companies review each day. Getting a 404 message may be enough to get a forensic investigator or security researcher to move on to the next phishing site, rather than investigating."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New Phishing Toolkit Uses Whitelisting To 'Bounce' Non-Victims

Comments Filter:

"The only way I can lose this election is if I'm caught in bed with a dead girl or a live boy." -- Louisiana governor Edwin Edwards

Working...