Homer <usenet@xxxxxxxxxx> espoused:
> Verily I say unto thee, that Chris Ahlstrom spake thusly:
>> After takin' a swig o' grog, Roy Schestowitz belched out this bit o'
>> wisdom:
>
>>> Phishing is a brute-force thing (botnets) which requires proxies
>>> (zombies) so as not to be identified and caught.
>>
>> I don't think so. A proxy isn't automatically a zombie.
>
> And Phishing isn't really "brute-force" either, it's social engineering
> via Email and/or tricks like cross-site scripting.
>
> The part that proxies play in this, is invariably sending the spam that
> forms the first stage of the Phishing attack - i.e. a fake notification
> to check your bank statement online, with a link to a fake site. Unless
> the Phisher can find a spam-friendly host, it is likely to be unwitting
> users on compromised machines (zombies), though the fake bank site will
> be something hosted in a non-MLAT jurisdiction. The attack that changes
> some poor sod's machine into a zombie might conceivably be described as
> "brute force", although given how easily Windows is compromised, that's
> more of a walk-in than a break-in, hence the severity and extent of the
> problem.
>
> So in that sense "Windows Zombies Cost UK Banks and Customers a Fortune"
> is fairly accurate, indirectly. It's certainly plays a pivotal role.
>
Clearly, without the botnets, the phishing scams couldn't exist in the
first place, so the headline is correct.
--
| mark at ellandroad dot demon dot co dot uk |
| Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
| Cola trolls: http://colatrolls.blogspot.com/ |
| Open platforms prevent vendor lock-in. Own your Own services! |
|
|
