Phishers Bite Back With Malware Exploits
Brian Prince writes on eWeek:
Criticize the people behind the Asprox botnet, and they take it personal – so much so that they will bombard you with malware, according to a report by SecureWorks.More here.
The botnet, now at least 50,000-strong with bots, is sending out phishing emails posing as messages from banks in the U.S. and U.K. The links inside the email lead to a page with a phishing form that reacts to both incomplete forms and forms containing certain keywords, including profanity or the word "phish." If users who filled out the form improperly click on the “confirm” button, their computers are assaulted with malware in retaliation.
Interestingly, the botnet does not seem to infect people merely for clicking on the link in the email, and if the form appears to be filled out with legitimate log-in data the phishers can steal the victim is re-directed to the main page of their banking Web site, according to SecureWorks.
Those who fill it out with illegitimate data however are hit with a number of exploits targeting vulnerabilities in Microsoft Windows.