Thursday, February 28, 2008

Interview with the Irish Independent

An interview I did last week with Gordon Smith of SiliconRepublic has been published in the Digital Ireland supplement of today's Irish Independent. I've got 2 scans as PDFs below for anyone who is interested. Overall happy enough with this interview, no real misquotes and Gordon was great to work with and knew his stuff on the topic which helped a lot.

Scan 1 (Some words cut off)
Scan 2 (Picture at top cut off)

Also the Picture they used was smaller than the Interview with the Irish Examiner, which is much appreciated :P

UPDATE: The story has also been published on SiliconRepublic this morning


Wednesday, February 27, 2008

What's the worst that could happen?

Identity Theft - the crime that happens to other people.

Most people I have talked to about identity theft have been mildly concerned, but normally think that it is not something they themselves should worry about. After all, they say, I only use the Internet to check my email and occasionally buy things - what's the worst that can happen?

I would imagine that is exactly what a fellow Irishman who uses the eBay handle jopsoup was thinking as he strolled into a local internet cafe to check his email, only to find that he owed $3,002,150. I would also imagine that he had quite different opinions of identity theft when he got up to leave.

It appears that this man's eBay account details had previously been stolen (most likely by a trojan monitoring for passwords, which could have been installed in the same internet cafe he always frequented), and had been used in the winning bid on a massive collection of music being sold on the well-known auction site. The collection on its own is quite impressive, with over 300,000 CDs (that's 75 16GB iPhones for all you youngsters out there).


The UK Home Office estimates that Identity Theft cost the British economy £1.7 Billion over the last 3 years, figures that have been echoed by other governments around the world. The fact is your data, no matter how trivial, can be very valuable if it falls into the wrong hands. Be careful out there, people - the Web can be a dangerous place and, just as you would when exploring a new city or town, it pays to be prepared and protected before venturing into it.

Also posted on Trend Micro Blog


Wednesday, February 6, 2008

Spot The Difference

Now also on Trend Micro Blog

For generations kids all over the world have enjoyed "Spot The Difference" puzzles, but who says us adults can't join in the fun? See if you can spot the difference between the real banking login page and the phishing attack below:



Not very easy, is it? Well, let's look at the source code and see what differences appear there. To be honest there are very few differences, and most are simply a case of correcting the paths or images/links from the real site to still work correctly on the phishing site. For example, in the picture below the red highlighted site is the real one, and the yellow the phishing site:

The truth is the source code is almost identical; the form on the page is submitted to the page itself. In the case of the real bank this will authenticate and log in the user; in the case of the phishing one - well, let's just say they are most likely not going to use your details to send you free money.

About the only real difference noticeable to the user is in the URL, and even this is very difficult to spot unless you are really looking for it.

Where does this threat come from? Well, it is currently being spammed around by a certain well known botnet (Start with "S" end with "torm") specifically targeting Australian email accounts. It looks like this page was actually put together by someone outside of the normal Storm group, but they are most likely renting a section of the network. Luckily Trend Micro automatically protects our customers by blocking the URL with our Web Reputation.

One last thing: remember when I said there were virtually no differences between the 2 page sources? Well, I lied a little bit - check this out (again Red=Real, Yellow=Fake):

When you access the real banking page, a piece of PHP script takes your IP address and stores it as a hidden variable on the page, so the bank can track what IPs people are logging in from. The top IP address is my own from when I accessed the site. The bottom one, however, is the attackers', from when they downloaded the real page to create their phishing site. They obviously never bothered removing this incriminating evidence (or just did not notice) before putting up the page. However, the IP traces back to a standard ISP in Argentina, and users most likely receive a new IP every time they connect to the network - so chances of finding the culprits are unfortunately slim.
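The leftover hidden field described above can be checked for mechanically when triaging a suspected clone. The following is an added example, not code from the original post: it compares the hidden form fields in a reference fetch of the genuine page with those in the suspect page and reports IP-valued fields that differ. The field name `client_ip`, the HTML snippets and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser

# Constructed sample pages; "client_ip" is a hypothetical field name.
REAL_PAGE = """<form action="" method="post">
<input type="hidden" name="client_ip" value="192.0.2.10">
<input type="text" name="user"><input type="password" name="pin"></form>"""
PHISH_PAGE = """<form action="" method="post">
<input type="hidden" name="client_ip" value="203.0.113.77" />
<input type="text" name="user"><input type="password" name="pin"></form>"""

class HiddenFieldParser(HTMLParser):
    """Collect name/value pairs of hidden <input> fields."""
    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden[a.get("name") or ""] = a.get("value") or ""

def hidden_fields(html):
    parser = HiddenFieldParser()
    parser.feed(html)
    return parser.hidden

def is_ip(value):
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def cloner_artifacts(reference_html, suspect_html):
    """Hidden fields that hold an IP in both pages but with different
    values: the suspect's value was frozen when the page was copied and
    belongs to whoever fetched the original, not to the analyst."""
    ref, sus = hidden_fields(reference_html), hidden_fields(suspect_html)
    return [(name, value) for name, value in sus.items()
            if is_ip(value) and is_ip(ref.get(name, "")) and ref[name] != value]

if __name__ == "__main__":
    for name, value in cloner_artifacts(REAL_PAGE, PHISH_PAGE):
        print(f"hidden field {name!r} carries a frozen address: {value}")
```

As the post notes, an address recovered this way may be a dynamically assigned ISP address, so it is a lead to log with its timestamp rather than an identification.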
