New entry in the TSC: Script in the middle

Thanks to Virus Bulletin, we have now a new entry in The Spammers’ Compendium:

Script in the middle
UO!Script in the Middle!JavaScript

14 October 2010
Description

The email has an HTML document attached to it that contanis a for. Clicking submit will POST the user’s data to a website controlled by the crooks, which automatically and invisible redirects to a legitimate website. See also The Responsibility Transfer.

Example

The original article with all the juicy details can be found in Avira Techblog: http://techblog.avira.com/2010/09/08/phishing-getting-verified/en/

Related Posts

Avira’s Free AV is celebrating 10 years

Quote from the Techblog: “Amazing! Avira’s free antivirus solution, Avira AntiVir Personal available at our www.FreeAV.com web site, is now getting 10 years old! For ten years, we added an additional security layer around companies by protecting the employees personal computers from malware infections for free. Amazon: Bestsellers Electronics and Photo The free version always […]

“Cybercriminals from Eastern Europe”

“Cybercriminals from Eastern Europe” – quote from CompTIA Security+ 2008, Chapter 1, Page 36 Oh, please… this is stupid ! It is true that many of the attacks are conducted from Eastern Europe, but this is not the way to publish something like this. You are ruining their chances. There are many good guys and […]

Why security recommendations often get ignored

I read very often about vulnerabilities and companies that got hacked. Many times, the reason for which they got hacked was because some recommendation issued by some smart people (read: security minded people) are ignored.   But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance“. […]