OT- Serious security warning

[Guest guest]

Nov 07, 2004

You won't like this kind of Phishing!

A new and very dangerous Internet attack was reported this week in Brazil.

This new danger is a phishing attack. Phishing is computer slang for attacks

in which criminals pretend to be a bank or other institution. They try to

trick you into giving up your password and user name.

Most people have learned not to fall for this, but this new attack could

fool the most careful people. Here's how it works:

The criminals send you an e-mail (spam). When you open the e-mail, a small

program called a script runs. Note that you only need to open the e-mail;

there is no attachment.

The scripting program goes to your HOSTS file, located deep in your

computer. The actual path in Windows XP is:

C:\Windows\System32\Drivers\Etc\HOSTS

It enters your bank's Web address--for instance, www.YourBank.com--in

<outbind://3/www.YourBank.com--in> the HOSTS file. It also enters an

Internet Protocol (IP) number for the criminals' address.

The next time you need to surf to your bank, you attempt to go to

www.YourBank.com <outbind://3/www.YourBank.com> . When you enter that

address, or any other address, the browser first goes to the HOSTS file to

find the IP number. If it isn't there (it normally would not be), it goes to

a special computer on the Internet to find the IP number.

However, the criminals have put your bank's address in the HOSTS file, along

with their IP number. So you are automatically sent to that IP number, which

is the criminals' computer. It looks like the bank's Web site, so you enter

your user name and password. That gives the criminals the information they

need to enter your account and steal your money.

How can you protect yourself? Some anti-virus programs guard against this

kind of thing; others do not. To be safe, you must disable your computer's

scripting ability. To do that: --In Windows XP, click Start -->My Computer.

Click Tools -->Folder Options.

Select the File Types tab. Click File Types, then scroll to and click

VBScript Script File. Click Advanced. In the Actions box, click Open.

Click Remove.

If you need to restore scripting, click New. Put Open in the Action box. In

the next box, click Browse. Find wscript.exe in C:\Windows\System32.

Double-click it.

--In Windows ME and 2000, the procedure is similar. If you need to restore

scripting in Windows ME, the wscript.exe file is in C:\Windows.

--In Windows 98, you must disable Windows Scripting Host. Click Start>>

Settings -->Control Panel. Double-click Add/Remove Programs. Select the

Windows Setup tab. Double-click Accessories. Click the box next to Windows

Scripting Host to deselect it. Click OK>>Apply>>OK.

This attack is not yet a threat in the United States. But it is only a

matter of time. Do not fail to protect yourself and your family and friends

by forwarding this information to them..

For more on this story:

http://msnbc.msn.com/id/6416723/

a