As phishing evolves, criminals switch to malware
The scammers began to see serious problems with their phishing scams sometime around April.
That's when they started realizing that more and more of their phoney "phishing" e-mails were being blocked. Security researchers had spent the previous year closely studying botnet networks of infected computers and they were getting pretty good at blocking many of the fraudulent e-mail messages that were being sent from these systems.
This was creating a problem for phishers -- online fraudsters who set up fake Web sites and try to trick victims into visiting them and giving up their user names and passwords. With fewer of their messages getting through, they had to send out more and more spam to work their scams.
By August phishing gangs homed in on a new way to make a buck.
Instead of asking people to visit a fake Web site, more and more phishers began asking victims to install browser plug-ins or other types of software. To pull this off, they'd send e-mail that comes with malicious software that's supposed to be a security update from a bank. Sometimes they'd simply purchase time on infected botnet computers and install code that steals banking credentials from machines that had already been hacked.
Attacks that install malicious software are easier to launch than they've ever been and are clearly on the rise, said Mickey Boodaei, CEO of Trusteer, a security company that makes desktop security software used by banks. "We're seeing a clear shift from phishing attacks."
Not that anyone thinks that phishing is going away. Attack numbers are still steadily climbing, but e-mail that includes phishing scams has tripled in the past year as phishers have become more technically sophisticated with their attacks, said Dave Jevans, chairman of the Anti-Phishing Working Group. "These are not things that just steal your passwords," he said. "These add you to botnets."
Some of this malware is pretty nasty. The phishers take advantage of their knowledge of banking Web sites to build custom code that runs inside the browser, silently stealing your online credentials, Boodai said. "They're trying to inject HTML pages into sessions with these banks to steal information," he said.
Earlier this month, Trusteer introduced a search tool so that banks and Web site operators can search through this malicious code to see if their domains are being targeted in these attacks.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
phishing
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
