Phishers Apply Fresh Tricks for Bypassing Browser Blacklists

M86, the security company reports that Internet fraudsters are using one fresh tactic to launch phishing attacks that helps them evade blacklists within Web-browsers.

Actually, certain browsers spot phishing websites very well, the company outlines, while they caution Web-surfers through an alert notification during the latter's attempts at accessing an Internet site which's risky.

Consequently, fraudsters are currently finding a solution with one fresh trick for enticing victims through spam mails in which HTML files are attached, which when viewed, are stored on the host machine, explains M86.

These HTML files pretend to be forms that if an end-user completes with personal details, which the fraudsters intend for grabbing, followed with clicking on its "submit" button, then those details get transmitted via a "Power-on self-test" (POST) demand to a Hypertext Preprocessor (PHP) code whose host Web-server though legitimate is actually compromised.

Significantly, POST is utilized whilst data gets transmitted from a PC to an online-server.

Noted M86 that since hardly any PHP website is flagged as exploitive, this action doesn't kick off an alert from the Web-browser.

The company states that phishing scams that are months old remain unidentified, therefore this trick appears very effective. Theregister.co.uk reported this on March 17, 2011.

Actually, when a POST request is issued, the associated website should become detectable within the browser, the company discloses.

Hence, Rodel Mendrez, a researcher at M86 asks the reason that's behind the difficulty in spotting a phishing tactic of this kind within a browser. Infosecurity-magazine.com reported this on March 16, 2011.

Mendrez says that since hardly any PHP URL is flagged as exploitive, its associated website doesn't get recognized as a phishing website.

He continues that only the URL can little be detected as a phishing website since when the PHP code gets active inside the server, even whilst clicking on "submit" no HTML gets exhibited, except that the browser gets diverted onto the main page of the compromised website.

Eventually Mendrez says that a rise in phishing scams of these kinds has been observed during the recent period; consequently, users must exercise caution while coming across an HTML form that requests confidential information.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 3/25/2011