Phishers Use Linux for More Organized Attacks
eBay recently conducted an in-depth analysis of online threats to find that phishers were making themselves more organized in their ruses. Some even get financial support for developing superior malware to attack innocent computer users.
Dave Cullinane, Chief Information Security Officer, for eBay said at a Microsoft-sponsored Symposium that the auction site had discovered a number of hijacked computers being added to botnets during their research. TECH.BLORGE reported this on October 6, 2007. About phishers' tactics, Cullinane further said that their e-mails were getting more sophisticated and were becoming difficult to detect.
Cullinane shared his experience about fighting phishers when he was previously working with Washington Mutual, where he was horrified to find that most phishing attacks occurred due to Linux boxes infected with rootkits rather than due to Microsoft boxes.
Phishers prefer to target Linux because of its stability. Phishers who used a rootkit program in those boxes could make attacks difficult to detect. Users of Linux machines wouldn't even realize when they were attacked.
Although Linux is considered safer than Microsoft Windows, many software running on Linux have security vulnerabilities. And when an attacker exploits a bug devoid of a patch on the system, it would not be difficult for him to take over the machine.
Linux being highly reliable and very well suited to run server programs, phishers desire Linux machines. They establish fake Websites on them hoping to be able to trick users into revealing their passwords.
While Linux machines are popular used for phishing attacks, and they are also components of networks that control and command botnets, they rarely become the actual bots, said the Vice President for Symantec Security Response, Alfred Huger. Botnets are generally with Windows program, Huger added. PCWorld reported this on October 3, 2007.
Since Linux computers are good platforms to create maliciously crafted networking packages, they are useful for highly sophisticated Internet attacks, said Iftach Amit, the Director of security research at Finjan Inc. PCWorld reported this.
Such capabilities of Linux computers make them highly popular among online hackers who fetch an amount to hire such compromised PCs from the underground market, Amit said.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 19-10-2007