Report a phishing site, gain a chance to win an Ipod

In October we received and reviewed more than 8,700 unique URLs reported to us as phishing sites; by far the busiest month to date.

To further incentivise people reporting phishing sites, each accepted report is now treated as a ticket in a monthly draw for a top of the range iPod.

The October draw was won by Alan. Alan has been one of the largest and most accurate reporters of phishing sites, with several hundred reports accepted to date.

“Every day I feel that I'm doing my small bit to make the Internet a safer place.” said Alan."It's good that there are still people on the Internet who try hard to make it better. Some of them are well known companies like Netcraft, some of us are just anonymous individuals trying to do our bit. As well as the satisfaction of a job well done, it's a lot of fun to have a shiny new toy to play with."

Including the toolbar community itself and customers of ISPs using our Phishing site feed, well over a million people are now protected from phishing by the Netcraft Toolbar.

The Netcraft Toolbar is available for both Internet Explorer and Firefox, and serves as a giant neighborhood watch scheme for the Internet, in which members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.

Reporting a Suspicious URL

When you visit a page that you believe to be a phishing site, or contains fraudulent or deceptive content, we ask that you report it so that other toolbar users will benefit from your vigilance. The more sites that are reported, the more useful the toolbar will become for everyone.

You can report a URL by clicking on "Report a Phishing Site" in the toolbar menu, accessed by clicking on the Netcraft logo:


After you report a URL, Netcraft will review the report and block the page if we confirm it as part of a phishing attack.

Sony DRM Patch Creates Serious Security Hole

A patch for Sony's controversial digital rights management (DRM) software opens a serious security hole when installed on a Windows machine, according to security researchers from Princeton University. The revelation deepens a public relations nightmare for Sony, which has said it will stop selling music CDs which install the DRM monitoring program when the CD is played, and will replace disks that have already been sold.

"The consequences of the flaw are severe," Ed Felten and Alex Halderman write in their weblog. "It allows any web page you visit to download, install, and run any code it likes on your computer. Any web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get."

Security researcher Dan Kaminsky has surveyed Internet nameservers, and found that at least 568,000 DNS servers have received queries unique to the operation of the Sony DRM software, meaning at least that many computers (and probably more) have the problematic rootkit installed. A subset of those will also have the security hole installed by Sony's attempted fix.

Continue reading

Malware Knocks Virtual World Offline

A gaming "virtual world" has been knocked offline for the second time in a month by malware distributed by players within the game. Second Life, an innovative online game with more than 80,000 users, took its entire system down for more than five hours Thursday after an instant messaging bot overwhelmed the game grid with a huge volume of messages. A similar incident on Oct. 23 also caused a lengthy system outage when a user program automatically generated more than 5 billion spheres inside the game.

A user-designed multiplayer world, Second Life encourages programmers and graphic artists to create virtual goods and services to sell, and allows players to convert game currency into real-world cash via an online exchange.

Continue reading

Microsoft Update Will Remove Sony DRM Rootkit

Upcoming releases of Microsoft's spyware removal tools will uninstall Sony copy-protection software that functions as a rootkit. "We have analyzed this software, and have determined that in order to help protect our customers we will add a detection and removal signature for the rootkit component of the XCP (Extended Copy Protection) software," Jason Garms of Microsoft announced on the Anti-Malware Engineering Team blog. "Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems." The detection of the Sony tool will be included in upcoming releases of the Malicious Software Removal Tool, which is updated through Windows Update, as well as the beta of Windows Antispyware.

Sony uses XCP software to restrict unauthorized copying of music CDs. The software's controversial operations were detailed by Mark Russinovich of SysInternals two weeks ago, prompting alarm among many security experts. "Although the software isn't itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves," noted F-Secure, which soon discovered a trojan attempting to use the Sony XCP software to disguise its presence. Fortunately, the trojan had coding errors that prevented it from spreading widely.

Continue reading

Attacks Target XML-RPC Flaws in PHP Blogging Apps

Hackers are launching attacks on popular PHP-based blogging, wiki and content management program that failed to patch a serious security hole discovered in July. The attacks exploit flaws in the way PHP libraries handle XML-RPC commands, and appear to be targeting installations of WordPress and Drupal.

If left unpatched, an attacker could compromise a web server through vulnerable programs including WordPress, Drupal, PostNuke, Serendipity, phpAdsNew and phpWiki, among others. These projects all issued fixes six months ago, as did the authors of the affected PHP libraries.

Continue reading

Bank Shuts Down Web Site After Phishing Attack

A phishing attack led the Bank of New Zealand to take its online banking web site offline Thursday to prevent scammers from draining customer accounts. The bank said that although there had been no threat to its Internet infrastructure, the site was shut for eight hours to protect customers who shared their banking logins with a spoof web site operated by a phishing crew. The BNZ web site came back online Thursday evening with "restricted functionality," and returned to full service on Friday, bank spokesman told the National Business Review.

Bank of New Zealand said it will continue to closely monitor Internet banking transactions, and has revised daily transaction limits for all customers. The bank also suspended Internet banking access for customers who enteered their details at the fake site.

Continue reading