All the latest UK technology news, reviews and analysis
|
|
|
26 Aug 2008
A new attack spotted on virtual world Habbo Hotel is causing researchers to worry.
The phishing operation attempts to steal user account names and details from the popular teen online world.
Like other phishing sites, the attacker creates a phony page designed to look exactly like the Habbo site, said Face Time malware research director Chris Boyd.
However, said Boyd, the attack has one unique and worrisome feature: it actually logs the user into the site.
Boyd explained that normally, phishing sites will pass the user on to an 'invalid login' screen after the details had been entered. This will often tip savvy users that they have just been phished, prompting them to access the actual site and change their details.
The Habbo phishing page, however, is embedded with a script which passes the login details to the actual Habbo Hotel site. In turn, the user is automatically logged in to the service, providing no clue that a phishing attack has occurred.
While the attack is currently limited to the Habbo Hotel service, Boyd worries that it could be used to great effect on more sensitive targets.
"If this kind of devious tactic is employed for banking phishes, it'll make it all the more crucial that end-users start to think about running Anti-Phishing programs and browsers that have built-in Phish Detectors because the stakes seem to have raised once again," he wrote.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java / Oracle Coherence Technical / Solution Architect...
ASP.Net/C#/Web Development/Desktop Development/Winforms...
My Major client urgently requires an experienced contract...
Decision Systems Analyst West Midlands £19-24,000 Are...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Amazinng
It is actually amazing how these guys keep coming up with innovative ideas and how smartly they put them to action. Who would have imagined that a Phised site does not end on an invalid page but keeps the user to continue. As a banker this could result into heavy damaged and loss of reputation. Normlly, when a person receives an e-mail asking him to log onto the site and provide his/her curcial info facilitatng the phishers to use to to their advantage, the site ends there. Now imagine if such a site allows the user to transfer money and the phishers at the background are able to divert the money to their accounts, there would possibally be a very faint trail to catch them. Piyush Sood - newsaboutfrauds.blogspot.com
Posted by: Piyush 26 Aug 2008