Ask the Expert

How effective are phishing links that refer to FTP sites?

Some spam phishing links refer to FTP sites. Are these phishing attempts more effective than those that do not incorporate FTP?

    Requires Free Membership to View

The vast majority of phishing emails still include HTTP links, but we have seen a recent smattering of them that refer to FTP links. That's most likely because the bad guys know that today's malware defenses analyze HTTP links for various forms of tricky URL obfuscation. Various browser and proxy filters scour HTTP URLs, looking for anything malicious or out-of-the-ordinary. Furthermore, network-based defenses, including IDS and IPS tools, analyze HTTP traffic flows for exploits and malware. In many enterprise organizations, however, humble little FTP gets much less scrutiny.

Further compounding the problem, pretty much every browser has built-in FTP client capabilities invoked at the simple click of a link. Just by opening this link, ftp://10.10.10.10/test.html, for example, IE, Firefox and Mozilla browsers will dutifully fetch the test.html file, render its HTML and run any of its scripts (based on the browser's script configuration settings). So, to answer your question directly, FTP links can indeed be more effective in phishing emails because they receive less scrutiny from most organizations. Make sure to carefully inspect FTP URLs, or even block FTP access, if it is not required in your organization.

More information:

  • Learn how cybersquatters and phishers sharpened their tactics just in time for the holiday season.
  • Ed Skoudis reviews fast-flux botnet tactics and explains how to conduct an investigation of the advanced phishing technique.
  • This was first published in January 2008

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: