Tweet
A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web. This certificate is being used by many banks for secure online banking.
Unfortunately, hackers and phishers have easily adapted to this security technique.
A recent phishing attack using digital certificates was seen in the Bank of America case. In order to access the Bank of America Direct login page, the client must have a valid digital certificate installed on their personal computer. The URLs, in rockphish form, lead the user to a page asking them to create a certificate or to download the digital certificate. In Internet Explorer, it asks the user to run a Microsoft ActiveX control called “Microsoft Certificate Enrollment Code.”
After running the add-on and upon filling up the required information, it asks the user to download an .EXE file, sophialite.exe.
This is quite clever. From the explicit display of login or confirmation page that is easily verified as phishing, they have turned to the creation of digital certificates, a ploy that can actually convince users to take the bait. Another thing, these URLs are in rockphish form; as of now we already have 93 different domains using this technique. All are blocked by WCS (Trend’s Web Classification System for blocking malicious domains and URLs).
Unfortunately, hackers and phishers have easily adapted to this security technique.
A recent phishing attack using digital certificates was seen in the Bank of America case. In order to access the Bank of America Direct login page, the client must have a valid digital certificate installed on their personal computer. The URLs, in rockphish form, lead the user to a page asking them to create a certificate or to download the digital certificate. In Internet Explorer, it asks the user to run a Microsoft ActiveX control called “Microsoft Certificate Enrollment Code.”
After running the add-on and upon filling up the required information, it asks the user to download an .EXE file, sophialite.exe.
This is quite clever. From the explicit display of login or confirmation page that is easily verified as phishing, they have turned to the creation of digital certificates, a ploy that can actually convince users to take the bait. Another thing, these URLs are in rockphish form; as of now we already have 93 different domains using this technique. All are blocked by WCS (Trend’s Web Classification System for blocking malicious domains and URLs).
