In case you answer their messages

Sep 1, 2008 10:43 GMT  ·  By

Many of us receive unwanted messages that claim to have been sent on behalf of banks but are in fact phishing attacks attempting to steal private information, along with any money we might have in the accounts. Those who realize that the so-called bank employees are nothing but snakes in the grass can sometimes feel an unstoppable need to fight back against the phishers.

 

John Stewart, director of the malware research lab at SecureWorks, advises users not to do that because, beyond the feeling of release experienced in the moments following the reply, phishers may strike back at them. The registration forms so generously provided by attackers, if filled in with real personal information, allow hackers to lay their hands on e-banking or other account details. Conversely, if the forms are filled in incompletely, or with words resembling “phish” (or other terms with this bearing in security slang), the phishing attacks may evolve into spam. This means that users will be assaulted with various rogue sign-in forms until they unknowingly succumb to the threat and fill in the registration.

 

For now, the security team can say one thing for sure: the Asprox botnet definitely resorts to this method. The network of infected machines sends phishing emails and intercepts highly sensitive information through its Danmec password-stealing trojan. If users reply to the Asprox hackers with ironic messages, the attackers will do everything in their power to eventually trick the victims.

 

“If you are running Windows and haven’t recently installed your security updates and patched all your browser plugins/ActiveX controls, you might find yourself infected with your very own copy of Asprox. Not only do you then get the opportunity to unknowingly send phishing emails on behalf of the botnet, you will likely get some extra goodies, since Asprox is also a downloader trojan. You won’t notice it running, but you might notice some of the things it downloads and installs,” explains Stewart as to why we shouldn't even touch the registration forms Asprox sends, much less fill them in with fake information or vindictive messages.