MessageLabs, which discovered the new technique, said that although it was fairly crude, it was a worrying development that users and banks should be aware of.
When the malicious e-mail is opened, a script runs and rewrites the hosts file on the targeted machine. As a result, the next time the user attempts to access legitimate online banking at one of the targeted banks, the rewritten hosts file, which has been lying in wait for such a moment, redirects the user to a fraudulent Web site that apes the site they were trying to reach.
Alex Shipp, senior antivirus technologist at MessageLabs, said: "This script silently modifies the users' machines and creates this vulnerability. The next time the user goes to bank online, that's when it will get them."
So far the company has only intercepted a relatively small number of these new phishing e-mails in South America, where they are targeting three Brazilian banks, but, as ever with malicious activity online, any success will likely see the scams spread to new territories.
Shipp said this first iteration of such a covert phishing technique will only affect users who have Windows Scripting Host and certain ActiveX controls enabled. He believes the majority of users with up-to-date patches, or the most recent versions of Outlook, where such features are switched off as standard, will be protected.
But it is the general trend which is causing the most concern.
"Perhaps Brazil was targeted by this first, fairly basic e-mail because the writers knew there are a large number of unpatched PCs there, but the worry is that this could become more advanced," said Shipp, warning that future iterations of such a scam may employ JavaScript or similar means to create such a vulnerability on users' machines.
MessageLabs is currently detecting between 80 and 100 new phishing Web sites every day.

Please define "now" or better late than never!!!
"You don't need to click on a link to be infected now"
The Australian Financial Review - Page: 53 : 11-Aug-2004
Original article by Rachel Lebihan
"An Australian computer software specialist predicts a new breed of virus is likely. Nigel Phair, the team leader of investigations at the Australian High Tech Crime Centre, told a Sydney IT security conference on 10 August 2004 that computer users will not even have to open a "phishing" email to activate its course of destruction. He said the contamination will be triggered when the message is viewed in the preview panel of an email program."
Glad to see MessageLabs has caught up with our own authorities. This is very old news.