Showing posts with label Phising. Show all posts
Showing posts with label Phising. Show all posts

Sunday, August 21, 2011

What is Pharming Attack? -DNS Poisoning


I hope you know about Phishing attacks. In phishing attack, the user will be tricked to visit a fake page by sending scam emails.  If you clever to notice the url of the site, you will find the url is not original one.  So , it is possible for a user to detect the phishing attack by verifying the url. But hacker can bring the phishing attack to the next level with the pharming attack.

What is Pharming?
Pharming attack will redirect to the fake(phishing) page even though user enter the correct address. For Eg: facebook.com will show the fake page instead.The term pharming is a derived from farming and phishing. In recent years both pharming and phishing have been used for online identity theft information. Pharming has become of major concern to businesses hosting ecommerce and online banking websites
How does it works?
Method 1: DNS Poisoning: 

1. Attacker hacks into the DNS server and changes the IP address for www.targetsite.com to IP of www.targetsite1.com (Fake page).

2. So if the user enter the URL in address bar, the computer queries the DNS server for the IP address of www.targetsite.com. 

3. Since the DNS server has already been poisoned by the attacker, it returns the IP address of www.targetsite1.com(fake page).

4. The user will believe it is original website but it is phishing page. 

Method 2: HOSTS file Modification:
This method is local DNS poisoning. 
What is host file?
     The host file contains Domain Name and IP address associated with them.  Your host file will be in this path:
 C:\Windows\System32\drivers\etc\
It will change the fields of hosts so that original website will point to some other fake page.  Please read this article to know more about this method: Use original Domain for phishing using hosts file

Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting you to a fraudulent website when you type in a legitimate address.

Instances of Pharming:
In January 2005, the domain name for a large New York ISP, Panix, was hijacked to point to a site in Australia. No financial losses are known.

In January 2008, Symantec reported a drive-by pharming incident directed against a Mexican bank in which the DNS settings on a customer's home router were changed after receipt of an e-mail that appeared to be from a legitimate Spanish-language greeting card company

In a poisoning attack in early March 2010, requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages were redirected, according to log data obtained from compromised Web servers that were used in the attacks, says PC Mag.

Prevention over Pharming:
  • Use some Anti Phishing Addons for Mozilla to detect phishing webpages.
  • Use spoostick Addon that will detect the fake pages
  • Use Internet Security Software(kaspersky, BullGuard Internet Security)


Continue   Reading>>

Advanced Tabnabbing -Phishing Attack simplified


What is Tabnabbing ? 
Tabnabbing is Phishing attack that simplifies the phishing.The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert.  This will reload the inactive tabs with fake page .

How The Attack Works ?
  • A user navigates to your normal looking site.
  • A malicious code detect when the page has lost its focus and hasn’t been interacted with for a while.
  • Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
  • As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
  • After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Targeted Attacks:

Using my CSS history miner you can detect which site a visitor uses and then attack that site (although this is no longer possible in Firefox betas). For example, you can detect if a visitor is a Facebook user, Citibank user, Twitter user, etc., and then switch the page to the appropriate login screen and favicon on demand.

Even more deviously, there are various methods to know whether a user is currently logged into a service. These methods range from timing attacks on image loads, to seeing where errors occur when you load an HTML webpage in a script tag*. Once you know what services a user is currently logged in to, the attack becomes even more effective.

You can make this attack even more effective by changing the copy: Instead of having just a login screen, you can mention that the session has timed out and the user needs to re-authenticate. This happens often on bank websites, which makes them even more susceptible to this kind of attack.

You can get this code from here:
http://www.azarask.in/projects/bgattack.js

How to protect yourself from this hack?
  • You can use a safe browser that uses anti-javascript plugins (Firefox with noscript). Note: Advanced Tabnabbing will work even javascript is not enabled. 
  • Check the url in the address bar.
  • If you got link in emails, enter the url in address bar instead of clickin it.
  • You can use some Anit Phishing add ons like(Don't Phish me,Netcraft,FirePhish) .

Continue   Reading>>

Wednesday, December 29, 2010

How to Hack the My space account


If you like to hack some one's my space account ,then you came to right place.  There are two easy methods for you.
  • Keylogger
  • Phishing
Keylogger:
Continue   Reading>>

Tuesday, December 14, 2010

Use Original Domain Address for Phishing Web page


phishing image
If you don't know about Phishing Web Page, you need to read this tutorials first:

Once you learned something about phishing, you can come back to this article. 

It is easy for a person to identify the phishing page by looking at the url of the webpage.  But for tricking users, hacker can use original domain address.  But how? Let me explain in this article.

Continue   Reading>>

Tuesday, November 23, 2010

How to create fake or Phishing web page for gmail




 This post will explain you how to create fake or phishing web page for gmail. This Procedure can be used to make fake page for other websites like yahoo,msn,or any other sites which you want to steal the password of particular user.

Steps for Creating Phishing or Fake web Page:

Step 1:
Continue   Reading>>

Saturday, November 20, 2010

How to Hack Facebook Account Using Phising webPage



BTS' readers used to ask me how to hack Facebook accounts.  Most of the people curious to know how hackers take control of their accounts.  In this post, let me clarify those doubts.

Here, i am going to explain one of the popular social engineering attack(luring user to do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how to create a facebook phishing page.

Step 1:
Go to facebook and right click on website .  Select "View source" and copy the code to notepad.

Continue   Reading>>
Older Post Home
 

© Break The Security. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com