The "Crimeware" Arms Race
John Leyden writes over on The Register:
Conventional phishing attacks launched via spam messages are becoming eclipsed by sophisticated malware designed to steal identities, according to a study [.pdf] by Anti-Phishing Working Group (APWG). APWG's July 2005 phishing reports adds that fraudsters are developing approaches specially designed to neutralise counter-phishing technologies.
APWG researchers reported a "marked increase" in screenscraper technology by phishers, an approach designed to counter graphical keyboard systems sometimes used by banks to thwart conventional key-logging Trojans. When a consumer selects a character on the graphical keyboard using mouse clicks, the screenscraper takes a snapshot of the screen and sends it to the phishers' server, in one example intercepted by the researchers. Despite the emergence of this more sophisticated technique keylogging Trojans remain a popular option. There were some 174 phishing-based Trojans detected in July, up from 154 in June. The majority of these Trojans lay in wait on sites hosted in either Brazil or the US.
posted by Fergie @ 8/24/2005 11:20:00 AM
0 Comments:
Post a Comment
<< Home