Hackers Have the Last Laugh

By Matthew Harwood

For all those Web users who have recognized a phishing scam and thought I'll give these cybercrooks a few choice words on the fraudulent page's log-in screen, you may want to think again, according to

In a new twist, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of a username or password, said Joe Stewart, director of malware research at SecureWorks Inc.

Users who know better than to divulge their online banking username and password in the forms linked from phishing e-mails, but who use words such as "phish" or a wide range of what Stewart called "bad language," are targeted for a follow-up malware attack.

Stewart told that the Asprox botnet contains at least 50,000 compromised computers, "maybe more."

Web users who have not kept Windows up-to-date or who haven't patched browser plug-ins such as QuickTime and Flash are vulnerable to the attack, he said.

But the best course way to avoid the hack attack is to just be thankful you avoided the scam and not type any retaliatory words on the log-in page.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.