In the News: Larger Prey are Targets

The New York Times ran an article today about a recent phishing threat that seems to have snared a lot of victims. Apparently this latest attack was much more realistic to end-users, but also had a much bigger threat than most phishing attacks. The typical phishing attack asks end-users to enter their personal information on fake website, an act that makes most users at least a little suspicious of the nature of the site. This scam was much more devious in getting the end-user to click on a link for more information, and that link was to a web page that did a drive-by install of software that monitored key strokes on the end-user's computer and also gave control of the computer to the hackers.

The most striking thing about this article to me was the fact that traditional anti-virus programs for the most part were unable to protect end-users from this threat. This particular kind of attack is one where a desktop anti-virus program isn't the best solution, but a proxy is ideally suited to protect the end-user from malicious code in a web page. Too many security administrators think that anti-virus is sufficient, and it was back when threats came in primarily through e-mail. As technology moves back towards the web (including web based email), threats now reside in both e-mail and web pages.

The proxy is ideally situated to protect any organization from web threats, including phishing scams like this one. Check out your proxy vendor and make sure they would have protected you from this threat.