Phishing e-mails that automatically steal bank details

Towards the end of October, the company intercepted a number of e-mails which, when opened, silently run a script that attempts to rewrite the host files of targeted machines. This means that the next time the user attempts to legitimately access on-line banking he will be automatically redirected to a fraudulent web site, enabling his log in details to be stolen.

So far, MessageLabs has only intercepted copies of e-mails targeting three Brazilian banks, but should the technique prove successful the company expects to see more phishing attacks using this advanced method.

Alex Shipp, Senior Anti-Virus Technologist at MessageLabs, said:

"This latest technique demonstrates how phishing attacks could become increasingly difficult for end users and on-line organisations alike to protect against. By reducing the need for user intervention, the perpetrators are making it easier to dupe users into handing over the contents of their bank accounts. Most banks have advised their customers to be wary of any e-mail asking for personal banking details, but in this case all they have to do is open an apparently innocent e-mail and their bank details could be silently sabotaged.

"We currently detect between 80 and 100 new phishing web sites a day, showing just how prolific the threat has become. It is a moving target, making it harder to identify and defend against. As ever, a combination of user education and the necessary levels of technology-based protection are essential."

Computer users who have Windows Scripting Host disabled are not at risk from this particular type of phishing attack.