We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hackers attack those taking revenge on phishers

Bad language triggers second attack

Net users who have been retaliating against phishers are being targeted with exploits that hijack their computers, according to a malware researcher.

According to Joe Stewart, director of malware research at SecureWorks, phishers using the Asprox botnet have struck victims who use the scam's log-in screen to give the crooks a piece of their mind. The scammers fire off a multi-exploit attack kit against anyone who uses profanity in place of the username or password.

Users who know better than to divulge their online banking username and password in the forms linked from phishing emails, but who use words such as 'phish' or a wide range of what Stewart called 'bad language', are targeted for a follow-on malware attack.

"The phishers are looking for three things," said Stewart. "First, if you don't fill out the form completely, second, if you use the term 'phish'. And three, if you use any kind of bad language."

Although users who fight back sidestep the identity theft, they may be at risk from the second-round attack, which is launched by a recent version of Neosploit, a well-known multi-exploit attack kit often used by hackers.

Users who have not kept Windows up-to-date, or applied patches for popular browser plug-ins, such as QuickTime and Flash, will be vulnerable to the Neosploit attacks, Stewart said.

More people than one would think blast back at phishers in the log-in screens, Stewart said, noting that when SecureWorks locates data obtained by phishers, it often includes a "fair amount" of profanity and other uncomplimentary comments.

"People think, 'while I'm at it, I might as well take some retaliatory action'," said Stewart.

The Asprox botnet contains at least 50,000 compromised computers, maybe more, Stewart estimated.

"I can't recall seeing an attack quite like this before," he added.


IDG UK Sites

Best January sales 2015 UK tech deals LIVE: Best New Year bargains and savings on phones, tablets,...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV expert tips: get US Apple TV content, watch Google Play, use multiple Apple IDs and more