Panda Security
OXYGEN 3, E-bulletin on IT security

"Don't wait for extraordinary circumstance to do good; try to use ordinary situations"

Charles Francis Richter (1900 - 1985), US seismologist
(April 26, 1900, Charles Richter was born)


Non-bank-oriented phishing

Among the top ten pages spoofed for phishing during Q1 this year, not all are banks. According to the Antiphishing Working Group (which Panda Security belongs to) the two most spoofed pages during January and February were eBay and PayPal.

Apart from banks and pay-platforms, PandaLabs, the malware detection and analysis laboratory at Panda Security, has detected phishing attacks that spoofed virtual worlds (e.g. World of Warcraft -WoW) or emails purporting to come from Microsoft, in which they requested Xbox credentials.

"Cyber-crooks are increasing attacks aimed at obtaining virtual world and online game passwords through specially-crafted Trojans and phishing techniques," explains Luis Corrons.

Xbox phishing

They target Xbox credentials, because they are usually the same as those used to access other services, e.g. Hotmail. Consequently cyber-crooks obtain addresses to spam and from which to send spam. In the case of virtual worlds like WoW, cyber-crooks can use passwords to gain highly skillful avatars or those with specific extras which are usually very difficult to obtain, and sell them to the highest bidder online, as you can see on the PandaLabs blog.

Many users enter information such as their credit card number; to buy and download the latest games, get money in virtual worlds, etc. which could allow cyber-crooks to steal it.

For further information about phishing, go to
Panda protect your privacity.
To unsubscribe from Oxygen3, please click here.
© Panda 2008