Phishing miscreants are THWARTING securo-sleuths with AES crypto

  • 9 September 2014
  • 0 replies
  • 242 views

Userlevel 7
By John Leyden, 9 Sep 2014
 
Phishing fraudsters have begun using industry-standard AES encryption to disguise the content of fraudulent sites.
Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools are commonly used but Symantec recently caught what it reckons is the first use of AES encryption in dodgy sites designed to hoodwink consumers into handing over their login credentials.
 "The site used AES to hide the phishing page content", Paul Wood, manager of cyber security intelligence at Symantec, told El Reg. The tactic is designed to make the analysis of phishing sites more difficult for security researchers without interfering with how sites are presented to victims, as a blog post by Symantec explains.
 
The Register/ full article here/ http://www.theregister.co.uk/2014/09/09/phishing_scam_uses_aes_crypto_to_hide/

0 replies

Be the first to reply!

Reply