Verily I say unto thee, that Chris Ahlstrom spake thusly:
> After takin' a swig o' grog, Roy Schestowitz belched out this bit o'
> wisdom:
>> Phishing is a brute-force thing (botnets) which requires proxies
>> (zombies) so as not to be identified and caught.
>
> I don't think so. A proxy isn't automatically a zombie.
And Phishing isn't really "brute-force" either, it's social engineering
via Email and/or tricks like cross-site scripting.
The part that proxies play in this, is invariably sending the spam that
forms the first stage of the Phishing attack - i.e. a fake notification
to check your bank statement online, with a link to a fake site. Unless
the Phisher can find a spam-friendly host, it is likely to be unwitting
users on compromised machines (zombies), though the fake bank site will
be something hosted in a non-MLAT jurisdiction. The attack that changes
some poor sod's machine into a zombie might conceivably be described as
"brute force", although given how easily Windows is compromised, that's
more of a walk-in than a break-in, hence the severity and extent of the
problem.
So in that sense "Windows Zombies Cost UK Banks and Customers a Fortune"
is fairly accurate, indirectly. It's certainly plays a pivotal role.
--
K.
http://slated.org
.----
| "At the time, I thought C was the most elegant language and Java
| the most practical one. That point of view lasted for maybe two
| weeks after initial exposure to Lisp." ~ Constantine Vetoshev
`----
Fedora release 8 (Werewolf) on sky, running kernel 2.6.25.11-60.fc8
18:17:33 up 47 days, 15:30, 5 users, load average: 0.13, 0.15, 0.16
|
|
