Jump to content

Phishing-based Trojans

Guest ~BD~

By Guest ~BD~
in General Windows PC Help

 Share

Recommended Posts

JeanInMontana

JeanInMontana

Posted
Posted

Don't open spam email, don't click on links if you do open them. Don't post your email on the www anywhere, don't forward email with addresses in them. When an email asks you to log onto what ever account, if you even have this account then open a new browser window and log on. Then see if there is indeed any business you need to attend for that account. Rarely is that the case.

Link to post
Share on other sites
Guest ~BD~

Guest ~BD~

Posted
Posted
Don't open spam email, don't click on links if you do open them. Don't post your email on the www anywhere, don't forward email with addresses in them. When an email asks you to log onto what ever account, if you even have this account then open a new browser window and log on. Then see if there is indeed any business you need to attend for that account. Rarely is that the case.

Good generalistic advice, JeaninMontana. Thank you.

However, it doesn't address the question! :unsure:

Attackers can redirect any of the users requests at any time and the end-users have very little indication that this is happening

There must be some way to tell. Does anyone have any suggestions? TIA

Dave

Link to post
Share on other sites
  • 2 weeks later...
Guest ~BD~

Guest ~BD~

Posted
Posted
Good generalistic advice, JeaninMontana. Thank you.

However, it doesn't address the question! :lol:

Attackers can redirect any of the users requests at any time and the end-users have very little indication that this is happening

If I am in doubt, how can I check that my Hosts file contains nothing untoward?

Spybot puts dozens of 'bad' sites in there and I have no idea which ones should be there! :angry:

Any thoughts on this? TIA

Dave

Link to post
Share on other sites
JeanInMontana

JeanInMontana

Posted
Posted

Anything that's in there from SBS&D should be in there, or if your using a file like hpHosts and any of the others MVPHosts . The purpose of the Hosts file is to avoid bad sites. If SBS&D is adding them leave them. And a redirect is quite obvious. You don't go to the site you intended to go to.

Link to post
Share on other sites
Guest ~BD~

Guest ~BD~

Posted
Posted
Anything that's in there from SBS&D should be in there, or if your using a file like hpHosts and any of the others MVPHosts . The purpose of the Hosts file is to avoid bad sites. If SBS&D is adding them leave them.

OK - I do understand. I'm not sure, though, if there are any which may have been added from elsewhere! I have no idea how to check. I suppose I could delete all entries and then let Spybot reload it.

And a redirect is quite obvious. You don't go to the site you intended to go to.

Now this is, maybe, where I have mis-understood. :angry:

From the way you 'say' that Jean it seems that you think the redirection will always be obvious. Silly example, you type in www.google.com and the page opens at the Yahoo web site.

My interpretation is that the page one finds oneself looking at looks exactly as you might expect it to - but it's not the Real McCoy! It is a forgery which might tempt you to download what you think is a bonio-fido programme/facility but which may well have been 'doctored'!

Have I got hold of the wrong end of the stick?

Dave

Link to post
Share on other sites
JeanInMontana

JeanInMontana

Posted
Posted

What your describing is a phished site and you don't type in anything. They are links in emails. Easy to avoid. Don't click on them. If you have any reason to go to the site at all then open a new window on the browser and go there. Don't use the link in the spam email. Don't open the spam email. Do some Googling and read up on this stuff Dave. Your just as capable of learning it on your own and it's likely to make more sense and stick with you if you actually do the looking. Google, Phish and start reading.

Link to post
Share on other sites
Guest ~BD~

Guest ~BD~

Posted
Posted
What your describing is a phished site and you don't type in anything. They are links in emails. Easy to avoid. Don't click on them. If you have any reason to go to the site at all then open a new window on the browser and go there. Don't use the link in the spam email. Don't open the spam email. Do some Googling and read up on this stuff Dave. Your just as capable of learning it on your own and it's likely to make more sense and stick with you if you actually do the looking. Google, Phish and start reading.

With the greatest of respect, Jean ............

Please reconsider the first post in this thread where I quoted:-

"Along with phishing-based keyloggers, we are seeing high increases in

traffic redirectors. In particular, the highest volume is in malicious

code which simply modifies your DNS server settings or your hosts file

to redirect either some specific DNS lookups or all DNS lookups to a

fraudulent DNS server. The fraudulent server replies with

Link to post
Share on other sites
ctrlaltdelete

ctrlaltdelete

Posted
Posted

I'm using a firewall with DNS checker, it checks the DNS response i get from my ISP's DNS or whatever DNS is configured (by malware?) on my system with the response from a trusted 3rd party DNS.

If they are not the same i get a pop-up which warns me about the different results before a connection is made.

Otherwise it will be very difficult to tell if you are visiting the "good" site, guess you need to trace the domains every time and check the results...?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.