The emergence of spy-phishing as a significant element in the threat landscape stems, in part, from a shift in the intent of malware writers, as well as a number of technological advances these writers have recently made. Whereas previous generations of malware writers developed their programmes chiefly to show off their expertise and gain bragging rights among their peers, most writers are now more interested in financial gain. Some create spyware programmes to steal credit card numbers, account log-ins, or a variety of other types of personal information. Others develop and/or enhance bot networks, which are then sold or leased to other individuals or groups, as a way of launching their programmes. Still, others phish for personal information either to use for themselves or to sell to others.
"Spy-phishing is really just another section under the category of crimeware, which can be defined as anything that causes financial or intellectual loss," explained Jamz Yaneza, senior threat researcher at Trend Micro.
Spy-phishing's direct antecedents are spyware, phishing, and backdoor Trojans.
Spyware -- software that secretly installs itself on a user’s computer and runs in the background – is designed to log personal information without the user's knowledge. The 5 per cent of spyware that can be considered to be malicious in intent is intended solely to steal passwords, bank account information, credit card numbers, social security numbers, and other forms of sensitive information – then use that information for illegal purposes.
Phishing – in which the identity of a target organisation is stolen in order to steal the identities of unsuspecting customers of the target company – frequently uses professional-looking, HTML-based e-mails that include company logos, font styles, colours, graphics, and other elements to successfully spoof the supposed sender. Most also contain a link to a Web site, which is nearly always an exact replica of the spoofed site, to lure users into parting with their personal information. Backdoor Trojans are malware programmes that perform unexpected or unauthorised actions on the user's computer – and enable unauthorised access by remote systems.
"Spy-phishing is a blended threat," said Yaneza. "It uses phishing techniques to initially present itself to users, then typically engages a host of other techniques and exploits to surreptitiously download and install spyware applications in the background. These applications oftentimes download additional spyware applications to further extend their functionality."
According to data collected by Trend Micro, the amount of Trojan spyware such as that employed in spy-phishing attacks has been steadily increasing. According to the Trend Micro Trojan Spyware Index, the incidence of Trojan spyware has increased by over 250 per cent over the past 16 months. Similarly, according to a report published by the Anti-Phishing Working Group, an average of more than 188 new samples of Trojan spyware have been utilised in spy-phishing attacks each month in the first four months of 2006 – a 234 per cent increase over the same period in 2005.
Spy-phishing offers malicious authors a variety of applications and uses. While consumers and other individual end users are an obvious target, the potential uses for spy-phishing technologies and techniques go far beyond this group. Enterprises and their employees have even more to lose from spy-phishing exploits.
"Businesses of all sizes are potentially at risk, as spy-phishing can also just as easily be utilised for corporate espionage," added Yaneza. "In fact, due to the Trojan components, and the long-term stealth capabilities they employ, the threat to sensitive corporate information is perhaps greater than is the risk to the individual, if only due to the magnitude of the potential for loss."
Beware !!
