Rock Phishing History
It was in 2004 that we saw the genesis of the rock phish attack. The name stems from the first recorded attack, in which attackers employed wild card DNS (Domain Name System) entries to create addresses that included the target’s actual address as a sub-domain. For example, in the case of a site appearing as www.thebank.com.1.cn/thebank.html, the “thebank.com” portion of the domain name is the “wild card”, meaning its presence is purely superficial – it is not required in order for the phishing page to be displayed. “1.cn” is the registered domain name, “/thebank.html” is the phishing page, and the combination of “1.cn/thebank” will display the phishing page. This allows the perpetrators to make the wild card portion the legitimate domain name, so that it appears at first glance to be a valid folder path. The first rock phishing attacks contained the folder path “/rock”, which led to the name of the attack as we know it today. To date, it is estimated that rock phishing has already cost businesses and consumers in excess of $100 million in damages, and it continues to grow.
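The hostname structure described above can be checked mechanically. This added example (not part of the original article) flags URLs in which a protected domain appears as leading sub-domain labels of a different domain; the watch list, function names and sample URLs are constructed for illustration, and the reported parent is simply the labels that follow the brand, not a public-suffix lookup.

```python
from urllib.parse import urlsplit

# Constructed watch list: domains the defender wants to protect.
PROTECTED = ["thebank.com"]

def host_labels(url):
    """Return the lower-cased DNS labels of the URL's hostname."""
    # urlsplit only parses a hostname when the URL has a scheme or leading "//".
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return [label for label in host.rstrip(".").lower().split(".") if label]

def embedded_brand(url, protected=PROTECTED):
    """Return (brand, parent) when a protected domain is used as sub-domain
    labels of some other domain, else None."""
    labels = host_labels(url)
    for brand in protected:
        b = brand.lower().split(".")
        n = len(b)
        if labels[-n:] == b:
            continue  # hostname really ends in the protected domain
        # Stop one label short of the end so at least one label follows the brand.
        for i in range(len(labels) - n):
            if labels[i:i + n] == b:
                return brand, ".".join(labels[i + n:])
    return None

if __name__ == "__main__":
    # Constructed sample URLs, modelled on the example in the text.
    samples = [
        "http://www.thebank.com.1.cn/thebank.html",  # brand as wild card labels
        "https://www.thebank.com/login",             # genuine site
        "http://1.cn/thebank.html",                  # brand only in the path
        "http://notthebank.com.1.cn/",               # different label, no match
    ]
    for url in samples:
        hit = embedded_brand(url)
        if hit:
            print(f"SUSPICIOUS {url}: '{hit[0]}' is a sub-domain of '{hit[1]}'")
        else:
            print(f"ok         {url}")
```

Because the wild card portion is not needed to reach the page, the parent value returned for a hit is the name to block or report, not the full hostname.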
Until this attack, phishing was becoming more pervasive, but was far from mainstream, in large part because free Web services only allowed for limited activities. More recently, however, attackers have found a more surreptitious way to launch attacks through legitimate websites themselves, by exploiting common vulnerabilities in the software running on the sites. Unlike popular software applications that openly announce changes, automate updates and provide open access to programming tools, Web software often requires administrators to spend time seeking out updates and security weaknesses. This delay in action, or sometimes complete lack of it, provides ample opportunity for attackers to do considerable damage.
In addition, there has been a move to make website software more accessible to non-technical users so they can create their own Web pages. The drop in the sophistication levels of webmasters makes the risk of rock phishing higher, and the opportunity to catch these sites and shut them down in a timely manner much lower.
At the same time, the perpetrators, for their part, have taken it upon themselves to become well-versed in Web server technology. These are not the casual hackers who typified the “phisher kings” of past years. These are highly sophisticated, well educated, highly coordinated teams of people with exceptional technology skills.