Q

How effective are phishing links that refer to FTP sites?

The vast majority of phishing emails still include HTTP links, but there has been a recent smattering that refer to FTP sites. In this SearchSecurity.com Q&A, Ed Skoudis explains how to be ready for the malicious messages.

Some spam phishing links refer to FTP sites. Are these phishing attempts more effective than those that do not incorporate FTP?
The vast majority of phishing emails still include HTTP links, but we have seen a recent smattering of them that refer to FTP links. That's most likely because the bad guys know that today's malware defenses analyze HTTP links for various forms of tricky URL obfuscation. Various browser and proxy filters scour HTTP URLs, looking for anything malicious or out-of-the-ordinary. Furthermore, network-based defenses, including IDS and IPS tools, analyze HTTP traffic flows for exploits and malware. In many enterprise organizations, however, humble little FTP gets much less scrutiny.

Further compounding the problem, pretty much every browser has built-in FTP client capabilities invoked at the simple click of a link. Just by opening this link, ftp://10.10.10.10/test.html, for example, IE, Firefox and Mozilla browsers will dutifully fetch the test.html file, render its HTML and run any of its scripts (based on the browser's script configuration settings). So, to answer your question directly, FTP links can indeed be more effective in phishing emails because they receive less scrutiny from most organizations. Make sure to carefully inspect FTP URLs, or even block FTP access, if it is not required in your organization.
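One way to act on the advice to inspect FTP URLs, shown as an added example that is not part of the original answer: a mail-side check that pulls links from a message body and reports any that use the FTP scheme. The function and class names are hypothetical and the sample message is constructed.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the FTP URL is the one quoted in the answer.
SAMPLE = """From: billing@example.com
Subject: Account notice
Content-Type: text/html; charset="utf-8"

<p>Review <a href="ftp://10.10.10.10/test.html">your statement</a>
or see <a href="http://www.example.com/help">help</a>.</p>
"""

URL_RE = re.compile(r"\b(?:ftps?|https?)://[^\s<>\"']+", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")  # dotted-quad hosts only

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v.strip() for k, v in attrs if k == "href" and v]

def ftp_links(raw_message):
    """Return one finding per distinct ftp:// or ftps:// link in the body."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    urls = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = part.get_content()
        urls.update(URL_RE.findall(body))           # links written out as text
        if part.get_content_type() == "text/html":
            collector = HrefCollector()
            collector.feed(body)
            urls.update(collector.hrefs)            # links hidden behind anchor text
    findings = []
    for url in sorted(urls):
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL in attacker-controlled input
            continue
        if parts.scheme.lower() in ("ftp", "ftps"):
            findings.append({"url": url, "host": parts.hostname,
                             "ip_literal": bool(IPV4_RE.match(parts.hostname or ""))})
    return findings
```

A mail gateway or triage script could quarantine or tag messages for which `ftp_links` returns anything, with `ip_literal` hits reviewed first.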

More information:

  • Learn how cybersquatters and phishers sharpened their tactics just in time for the holiday season.
  • Ed Skoudis reviews fast-flux botnet tactics and explains how to conduct an investigation of the advanced phishing technique.

This was first published in January 2008.