Phishers migrating to Trojan horse attacks

Keylogging Trojan horses are likely to be used more often in phishing attacks this year

By John E. Dunn

January 6, 2005 12:00 PM ET

TechWorld.com - The latest report (download PDF) from the Anti-Phishing Working Group (APWG) suggests a depressing if unsurprising outlook for phishing trends in the year ahead.
Figures for November, the most recent available from the organization, show a 28% growth in phishing scams over the four previous months. A total of 1,518 sites were active during the month, and most of them were based in the U.S. and Asia.
The average time online was only 6.2 days, but the longest managed to stay up and running for 31 days, and 51 companies had their brands hijacked in an effort by scammers to hook potential victims.
The APWG said it was most concerned that phishers are increasingly using "technical subterfuge" -- Trojan horse keyloggers -- in favor of old-fashioned social engineering attacks. That marks a step up in sophistication because such attacks are extremely difficult to defend against and can snare even experienced Internet users.
Keylogging Trojan horses are likely to be a defining characteristic of phishing over the next 12 months.
"We've already seen indications that phishers are ... commanding automated distribution systems, apparently leveraging botnets, known as zombies," APWG Chairman David Jevans said. "Those resources, combined with conventional key logging and other innovative malicious code, is a threat scenario that could deliver more sophisticated attacks."
Although around 75% of attacks are aimed at financial institutions, it's clear that no sector can consider itself safe. The report outlines a Nov. 3 attack on customers of Internet service provider EarthLink Inc. and on Microsoft Corp.'s MSN.com a week later. The common factor is that the targeted online enterprise has a financial relationship with its users and is of sufficient size to warrant being attacked.

Additional Resources

WHITE PAPER

Forrester Consulting - Optimizing Users and Applications in a Mobile World

Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

WHITE PAPER

Enter the Security KnowledgeVault

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

WHITE PAPER

Cut Communications Costs Once and for All

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Top Stories

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Cybercrime and Hacking White Papers

Protecting Point of Sale Systems from Targeted Attack: If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on...
From the Frontline - Preventing APT: Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command...
Stop Hackers Before They Attack: Hacktivism, Identify Theft, Financial Gain, Cyber War - regardless of motivation, stopping today's hackers requires a new proactive approach to protecting endpoints. Learn...
The four rules of complete web protection: As an IT manager you've always known the web is a dangerous place. But with infections growing and the demands on your time...
Protecting personally identifiable information: This white paper examines the challenges organizations face and the steps they can take to protect themselves and their customers against data breaches...

Cybercrime and Hacking Webcasts

WikiLeaks: How am I Affected?: The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
Optimizing Networks for the Cloud: Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere: Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere: Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware: Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...