Please don’t be that guy, you know, the one who posts fake credit card data to a phishing site because they believe it’s somehow “fighting back.” BAD IDEA, folks. I’ve seen this lapse in common sense, if you will, because of IPS filters that use regex to catch such SB1386-type data being sent over HTTP, not HTTPS, which is a clear sign of either a company that doesn’t deserve your business or phishing. So here are the top 2 reasons why such a thing is bad for the information security weekend warrior.
1. Once you’ve clicked on the Phishing link in email they have won.
You just validated that your email address is monitored by a human; it’s now worth 10x as much to SPAM gangs. Who are they? Click here. Those spammed HTML links often have code behind them that has been dynamically generated to embed the recipient of that particular SPAM. So when you click the phisher’s link it’s like saying, “SPAM ME please, I read and click on anything!”
2. You will most likely get malware sent to you.
OK, so the goal of the people behind this organized crime is to get credentials (username and password). They don’t care how that is done; they don’t even care what credentials they get. It’s cheap to try them at every bank, ecommerce, and webmail site out there. You don’t reuse passwords, do you? So whether you fill out their fake form with all your personal information or they implant a Trojan on your machine and keylog that info a week from now, what’s the difference? As soon as the site comes up, expect to have many invisible iframes pointing your browser to all kinds of obfuscated scripts trying to exploit application vulnerabilities (not just OS stuff anymore, my friends), as well as trying to social engineer you into downloading a much-needed codec or the like.
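Reason 1 says the links are generated per recipient. The Python below is an added example, not code from the original post: a check a mail gateway or analyst could run on a link without fetching it, to see whether a given mailbox address is embedded in the URL in plain, hex, base64 or hashed form. The function names, the sample address and the example.net links are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample data (not from the post): one mailbox and four links.
ADDRESS = "alice@example.com"
SAMPLES = [
    "http://example.net/offer?u=alice%40example.com",
    "http://example.net/t/" + base64.urlsafe_b64encode(ADDRESS.encode()).decode().rstrip("="),
    "http://example.net/c?h=" + hashlib.md5(ADDRESS.encode()).hexdigest(),
    "http://example.net/news?page=2",
]


def _views(token):
    """Yield (encoding, text) readings of one URL token."""
    yield "plain", token
    try:
        yield "hex", bytes.fromhex(token).decode("utf-8", "replace")
    except ValueError:
        pass
    try:
        padded = token + "=" * (-len(token) % 4)  # restore stripped padding
        yield "base64", base64.urlsafe_b64decode(padded).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        pass


def recipient_tags(url, address):
    """Return the sorted encodings under which `address` appears in `url`."""
    address = address.strip().lower()
    digests = {getattr(hashlib, h)(address.encode()).hexdigest(): h
               for h in ("md5", "sha1", "sha256")}
    parts = urlsplit(url)
    # Candidate tokens: path segments, query keys and values, fragment.
    tokens = [unquote(seg) for seg in parts.path.split("/") if seg]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        tokens += [key, value]
    tokens.append(unquote(parts.fragment))
    found = set()
    for token in tokens:
        if token.lower() in digests:
            found.add(digests[token.lower()])
        for name, text in _views(token):
            if address in text.lower():
                found.add(name)
    return sorted(found)
```

An empty result does not mean the link is untagged: an opaque per-recipient ID that the sender looks up server-side carries the same information and cannot be recognized this way.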
So the moral of the story is that you’re only tempting fate should you try to clog the bad guys’ database with illegitimate info. In the end you may very well get owned faster than your grandma who just got a popup asking her to “CLICK RUN” to get a free virus scan on her Win98 machine. The real experts (one of whom I don’t claim to be) use completely sandboxed virtual machines, with many safeguards for them and the Internet, to do this kind of stuff. I suggest anyone who doesn’t reverse engineer malware on a weekly basis leave such things up to them. And luckily for the average e-citizen there are many very intelligent people who do just that. Suggested links below.
PS: Don’t expect your shiny new <insert AV vendor> 2008 to protect you 100% either. AV is a necessity for the average user on Windows, but it isn’t an invincible shield against foolish bravery.
http://isc.sans.org/ (do a search for Tom Liston, then click the links for “Follow the bouncing Malware”; very well done, albeit a few years old now.)