Remain Safe from Desktop Phishing - A Silent Phishing Technique



You may already be familiar with the phishing technique, as we have posted some articles on it. However, if you still don't understand it, let me explain again: phishing is an act where a hacker makes a duplicate page, specifically a login page, of a website and makes some changes to the login fields, such as embedding a logger script in those login form fields. As a result, whatever you type in those fields is logged and pasted into a text file on the server where the phishing (i.e. duplicate) page is hosted to fool you. Thus your email and password are sent to the hacker, as those login fields are for “email address” and “password”, and in the end you are redirected to the original login page. You should read the following posts to understand this in detail:-

Explaining phishing to newbies - Protect your Facebook

Beware Tab Napping is a new phishing technique

Why hackers use silent phishing:-

Thanks to websites like hackersthirst, hackernews etc., the old techniques are now known to general users. The old phishing technique also has these drawbacks:

  • Such techniques need hosting whose TOS is not broken when a hacker uploads such pages.
  • A link that takes the victim to the phishing page has to be spread.
  • These pages are now recognized more easily, because the URL shown in the browser cannot be trusted; many people are aware of such attacks and modern browsers detect phishing well.
  • The hacker must be an expert to implement such attacks successfully.

What is Desktop Phishing?

It is a kind of phishing where the hacker just has to replace some text in the hosts file located in the Windows directory on the victim's machine. Whenever the victim then goes to the real website, like yahoo.com, the real website won't open; instead, the phishing page will open, which is hosted on the hacker's computer (or on any other hosting).

A diagram to differentiate between Desktop phishing and Common Phishing:-

Desktop and normal phishing

We created this simple diagram to differentiate between common phishing and desktop phishing. Hopefully it is clear now.

How hackers perform desktop phishing:-

The steps to perform desktop phishing are explained below. However, specifics are not shared because this is an educational article.

1. Make their computer a server to host files, i.e. the phishing page:-

They host the malicious code on their own computer, as it's easy to make a computer host a small piece of code. Additionally, you can learn how to use your computer as a web host:-

How to: Convert Computer in WebServer - Host Webpages For Free

2. What is the hosts file and how they exploit it for desktop phishing - Basic Scheme:-

A hosts file is a file which contains domain names and the IP addresses associated with them. When we visit a website like www.website.com, a query is sent to the DNS (Domain Name Server) to look up the IP address associated with that domain and take you to the desired website. But before this query is sent, the local computer is checked for an IP address associated with that domain, and the file which is checked for this purpose is the hosts file located here:- C:\Windows\System32\drivers\etc\

Now let's make an entry in the hosts file. You can use simple Notepad to edit it; we are using Notepad++ for this purpose. I opened the hosts file by right-clicking it and opening it in Notepad++, and then added the IP address and the URL I want to associate with that IP address. I think you have understood what we are going to do. See the sample below: when the victim opens www.hackersthirst.com, he will be taken to the IP address (111.111.111.50) in the hosts file:-

hosts

3. Using a method to replace the real hosts file on the victim's computer with their own:-

Now they have hosted the code on a web server on their computer, and thus they can associate any domain name with their server; yes, they are going to exploit the hosts file. A typical example of the hosts file is shown below:-

modified hosts

So, the original hosts file can be replaced with the modified one, and hackers can use a number of tricks for this. For example, they can use the following methods:

  • They can send you a rar file with a command that replaces files in the hosts file location.
  • They can code software which changes your hosts file on installation.

What did you get from this post? Or, countermeasures to remain safe from such attacks:-

So, now you know this type of attack also exists, so never blindly trust any exe file or any picture. Always examine the files given to you by any stranger: if you see that the icon is that of a .jpg file and the extension is .exe, then it surely means that the file is binded. So, I must say that the best security always comes from you; hackers just make use of our own foolishness.
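One way to check for the hosts file tampering described in this post, as an added example that is not part of the original article: a small Python audit that flags any entry pinning a public domain name to an address. The sample file contents and the `LOCAL_SUFFIXES` allow-list are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample; line 3 is the entry the article uses as its example.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
111.111.111.50  www.hackersthirst.com
0.0.0.0         ads.example.net        # sinkhole entry, resolves nowhere
::1             localhost
10.0.0.5        intranet.corp.example fileserver
not-an-ip       www.example.org
"""

# Assumption: suffixes your own site legitimately pins; adjust per environment.
LOCAL_SUFFIXES = (".local", ".corp.example")

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower().rstrip(".") for n in fields[1:]]

def is_local_name(name):
    # Single-label names and approved suffixes are expected in a hosts file.
    return "." not in name or name.endswith(LOCAL_SUFFIXES)

def audit_hosts(text):
    """Return (line_no, address, name, reason) for entries that hijack a name."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names[0], "malformed address"))
            continue
        if ip.is_unspecified:  # 0.0.0.0 / :: cannot serve a page
            continue
        for name in names:
            if not is_local_name(name):
                where = "loopback" if ip.is_loopback else "non-loopback"
                findings.append((line_no, addr, name, f"public name pinned to {where} address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass in the text of the `hosts` file from the directory named above; any finding for a site you log in to deserves a closer look.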

Subscribe to us to get all such latest updates. As I told you in one of the previous posts, I'll tell you some ways in which a hacker can send you such files and monitor your computer, namely some social engineering tricks, so stay in touch, and read this also:-

Social Engineering-How its done and How to remain safe..!