Spy-phishing is emerging crimeware technique, warns Trend Micro

Besides technological advances, the emergence of spy-phishing as a significant element in the threat landscape also highlights the shift in the intent of malware writers. Previous generations of malware writers developed their programs chiefly to show off their expertise, unlike current writers who are interested in financial gain.

Spy-phishing is done by using Trojan spyware, or software that secretly installs itself on a computer and extracts personal information without the user's knowledge. According to the Trend Micro Trojan Spyware Index, the incidence of Trojan spyware has increased by over 250 per cent over the past 16 months. Similarly, according to a report published by the Anti-Phishing Working Group, an average of more than 188 new samples of Trojan spyware have been utilised in spy-phishing attacks each month in the first four months of 2006 - a 234 per cent increase over the same period in 2005.

"Spy-phishing is anything that causes financial or intellectual loss," explains Jamz Yaneza, senior threat researcher at Trend Micro. "Spy-phishing's direct antecedents are spyware, phishing, and backdoor Trojans. It is a blended threat that uses phishing techniques to initially present itself to users, and then typically engages a host of other techniques and exploits to surreptitiously download and install spyware applications in the background. These applications often download additional spyware applications to extend their functionality."

The five per cent of spyware that can be considered to be malicious is intended solely to steal passwords, bank account information, credit card numbers, social security numbers, and then use that information for illegal purposes.

Phishing, in which the identity of a target organisation is stolen in order to steal identities of unsuspecting customers, frequently uses professional-looking, HTML-based e-mails that include company logos, font styles, colors, graphics, and other elements to successfully spoof the supposed sender. Most also contain a link to a Web site, which is an exact replica of the spoofed site, to lure users into parting with their personal information. Backdoor Trojans are malware programmes that perform unexpected or unauthorized actions on the user's computer and enable unauthorised access by remote systems.

Online money transfer service, E-gold, has been attacked in the past with spy-phishing emails and classical phishing. A trojan EXE was used to steal information that was sent as an attachment in an email. These attacks are similar to phishing in that they spam potential victims, but instead of giving a link to a fake website, they include a trojan in the message. The trojan monitors web traffic in order to steal the usernames/passwords to banking websites.

Spy-phishing offers malicious authors a variety of applications and uses. While individual end-users are an obvious target, enterprises and their work force have more to lose from spy-phishing exploits.

"Businesses of all sizes are potentially at risk, as spy-phishing can also just as easily be utilised for corporate espionage,' says Yaneza. "In fact, due to the Trojan components, and the long-term stealth capabilities they employ, the threat to sensitive corporate information is perhaps greater than is the risk to the individual."

"There is a growing sophistication of techniques used to target vulnerable individuals. Besides regularly updating security software, firms need to realise that enterprise phishing relies on tricking people. They need to instill a healthy dose of scepticism into employees when it comes to trusting emails and web sites. Enterprises need to adopt a strategy of strength and depth," says Justin Doo, regional director, Trend Micro Middle East and North Africa.