Spy-phishing - a new breed of blended threats
Jamz Yaneza Trend Micro
Corporate stream: Thursday 12 October 2006, 15:40 - 16:20.
This paper will investigate an emerging threat, which Trend Micro calls 'spy-phishing', and explain not only what it
is, but also why we expect it to become a far more significant threat over the next year. Trend Micro believes that
spy-phishing is the next progressive step for phishers and spyware authors to lure money and personal information from
unsuspecting users.
Spy-phishing borrows techniques from both phishing scams and pharming attacks - along with some new tricks - to target
on-line banks, financial institutions, and other password-driven sites. In spy-phishing, the author seeds email
messages with either a trojan, or a link to download the trojan. When downloaded and executed, either manually or via
an exploited vulnerability, this malware monitors web traffic until it detects web access to the target page. When
this happens, it sends any login or confidential data back to the attacker.
The text in the spammed email can be related to the target company, or it can employ other forms of social engineering,
similar to those utilized for traditional viruses. In either case, the effect is more dangerous than traditional
phishing, since it does not have to rely on tricking the user into visiting a spoofed site. And since it is much
easier from a technical perspective than launching a Pharming attack, even so-called 'script-kiddies' can potentially
launch a successful attack.
