Rock Phishing History
It was in 2004 that we saw the genesis of the rock phish attack. The name stems from the first recorded attack in which attackers employed wild card DNS (domain name server) entries to create addresses that included the target’s actual address as a sub-domain. For example, in the case of a site appearing as www.thebank.com.1.cn/thebank.html, ”thebank.com” portion of the domain name is the “wild card”, meaning its presence is purely superficial – it is not required in order for the phishing page to be displayed. “1.cn” is the registered domain name, “/thebank.html” is the phishing page, and the combination of “1.cn/thebank” will display the phishing page. This allows the perpetrators to make the wild card portion the legitimate domain name, so that it appears at first glance to be a valid folder path. The first rock phishing attacks contained the folder path “/rock”, which led to the name of the attack as we know it today. To date, it is estimated that rock phishing has already cost businesses and consumers in excess of $100 million in damages, and it continues to grow.
Until this attack, phishing was becoming more pervasive, but was far from mainstream - in large part because free Web services only allowed for limited activities. More recently however, attackers have found a more surreptitious way to launch attacks through legitimate websites themselves by exploiting common vulnerabilities in the software running on the sites. Unlike popularized software applications that openly announce changes, automate updates and provide open access to programming tools, administrators often have to spend time seeking out Web software updates and security weaknesses. This delay in - or sometimes complete lack of – action provides ample opportunity for attackers to do considerable damage.
In addition, there has been a move to make website software more accessible to the non-tech user so they can create their own Web pages. The drop in the sophistication levels of the Web masters makes the risk of rock phishing higher – and the opportunity to catch these sites and shut them down in a timely manner much lower.
At the same time, perpetrators for their part have taken it upon themselves to become well-versed in Web server technology. These are not the typical casual hackers that typified the “phisher kings” of past years. These are highly sophisticated, well educated, highly coordinated teams of people with exceptional technology skills.
Read more about this topic: Rock Phish
Famous quotes containing the words rock and/or history:
“Nobody dast blame this man.... For a salesman, there is no rock bottom to the life. He don’t put a bolt to a nut, he don’t tell you the law or give you medicine. He’s a man way out there in the blue, riding on a smile and a shoeshine. And when they start not smiling back—that’s an earthquake. And then you get yourself a couple of spots on your hat, and you’re finished. Nobody dast blame this man. A salesman is got to dream, boy. It comes with the territory.”
—Arthur Miller (b. 1915)
“Throughout the history of commercial life nobody has ever quite liked the commission man. His function is too vague, his presence always seems one too many, his profit looks too easy, and even when you admit that he has a necessary function, you feel that this function is, as it were, a personification of something that in an ethical society would not need to exist. If people could deal with one another honestly, they would not need agents.”
—Raymond Chandler (1888–1959)