Go to the Black anti-phishing-exploit warning-the black bar safety net

ID MYHACK58:6220055356
Type myhack58
Reporter 佚名
Modified 2005-12-13T00:00:00


With phishing attacksartin the country to be disclosed later, the networkas if into the vastness of the ocean, a wide variety of phishing attacks everywhere. A newtechnologyis public, I how could not go to attention? So they go online and in magazines to find some information abouttechnologyof Article learn, a little harvest. Yesterday opened an electronic mailbox will be found the Black anti-sent me mail, saying that royalties have been issued and the month of June has started a comprehensive levied on the manuscript. Oh, a burst of excitement, the royalties to the can eat a big meal. The excitement, eyes fell on the mail of the top part. Black anti-features using a mass mailing function, resulting in which any one of the recipient of the mail can see the bulk mail list, so much sensitive information on such exposure in a large crowd under, and these are sensitive can be very good to bring fishing, Oh. For this attacktechniquethe consequences of consider is Amazon ruthless K, I had the fantasy to complete the attack, we may want to keep up with the Oh. The use of these sensitive information there are three attack thinking, one is the use of contributors the editors of the trust relationship between the implementation of phishing attacks, leading to by yourself the important information leaked to the attacker. We assume that the magazine contribute mailbox fortougao@***. com, the mail group sends the list of the one by the mailbox forduzhel@***. com, first we go to apply for a mailbox namedtouga0@***. comof the mailbox(the last character is the number 0, the real address for the letter o), if you will use the message header forgeryart, you can put the mail address forgery and the real address exactly the same, as the effect is the best. Then we use this application of the mailbox toduzhel@***. coman email and start to construct the message content: In everyone's support, the Black anti-fifth period has successfully concluded, will be 5 before May 1 listing. Thanks for everyone support! Magazine directory will recently published inwww.hacker.com.cn, please consult. Royalties have been in the last week payment, please check. The six-period of call for papers started, everyone is welcome to actively posting on! Have any questions, please e-mail inquiry. In fact, the content can be used off the shelf, because we use The is contributors the editors of the trust for attack, a lot of people in to see this content, the thought is the mail system error as well as re-sent an e-mail, then in your own manuscript finished, is usually selected last sent this email reply I believe the vast majority of people are not going to remember the e-mail address, so that a reply to these articles on the whole sent to the attacker's mailbox to go out, the attacker then receives the message and then reply by The period of employment are welcome to continue posting. While contributors receive such a reply to a message, it will assume the manuscript has been sent to the editors of the hands, then the attacker can put the intercept of the manuscript and then order by the identity sent to the magazine, but the last contact address was changed to the attacker's address. This and other publications came out, contributors while in the magazines saw their work, but not royalties here, because the royalties have long since crept into the attacker's pocket. Based on the obtained mass mailing list and contributors to the editors of the trust relationship may also be constructed of other content, such as registering atougao@xxx.commailbox, and then say due to XYZ reason magazine change the mailbox requested by the manuscript sent to this new mailbox, the back of the step response above. There are a variety of message content construction method can be very good to achieve the object, there is not one listed, but I personally think I'm the most you start to construct the message success rate is the highest. Then talk about the second kind of attack thinking it, use the editors to the contributors of the trust relationship, leading the editors to the attacker's leakage contributors of important information. The previous mailbox, for example, the secondary application is associated with the contributor only a difference of one character of a mailbox, such asduzhe1@***. com(with the real address difference between the last character here is Number 1, The Real address for the letter l), can use this mailbox to the editors of the email, the content can be constructed: I was(for the mass mailing list mail address of the corresponding Chinese user name), My Computer as infected with a virus, the document unfortunately is antivirus deletion, of which there are some place need to modify, the ability to put the manuscript sent to me, so I'll be modified, and then sent to your mailbox. But I personally think that this kind of thinking the success rate is very low, the reason is that the information collected is not complete, even the manuscript of the article name didn't tell the editors, give a person the feeling of authenticity is not enough, it is not recommended to use this kind of thinking. Then to introduce a third kind of thinking, this kind of thinking a good solution to the second kind of thinking of the problem, i.e. the use of contributors and editors between the relationship of mutual trust, so as to deceive both parties to obtain more sensitive information, ultimately, to the editors cause this message comes from the by the hand of illusion, leading the editors to the attacker's purpose to make a response. An attacker with email address focus on the bias in the approximation of the editors of the mailbox, use this mailbox to the contributor who sent the message and construct the message content is as follows: We are coming to your issued sample issue and royalties, the last time we verify your manuscript, please send your article name to us, we will be checked after checking in the first time within the sample issue and the royalties sent. In the General opinion, it seems no problem, even if there is a problem also just put the article name to the attacker, but in fact to the attacker's leaked very valuable information, the next step is to use these data. We use the approximation to the contributor's email address to the editors of the Mail, the mail content may be as follows: I wrotearticles(previously acquired information)Have you accepted, since I had a few days going toto learn a month, the address has changed, please send a sample issue and the royalties sent to the***. Hey Hey, now magazine and the royalties or something to the attacker, while the contributors only think your manuscript is the magazine hired, and don't know royalties or something already stream attack the attacker's pockets. Here we have 3 kinds of attack thinking it over, it attacks the essence lies in the use of the obtained mass mailing list and the contributors and editors of the trust relationship, the above only shows some of the structure of the message content, you can use the above speaking of the attack essence to construct a more realistic message content, so as to achieve your purpose. Article to this and also the talk about prevention methods, one method is to not use the bulk email sender way to the contributors provide information, so the attacker can not get a mass mailing list, and thus largely put an end to such attacks, another method is the use of the public key with the key of the method for message encryption, so that only the possession of their corresponding public key can read the message. There is a We own to pay attention to, not in the public occasions to disclose their e-mail address or some other sensitive information, because these will also be some attempt to people the use. Oh, that right, said above is purely fantasy, there is no practice, please do not use the above method to dry anything illegal, otherwise the police uncle is very angry, the consequences very serious.