Phishers Grow Clever, Focus on the Money - Greater Sophistication
What's really disturbing, though, is that phishing does seem to be turning into a business. Websense notes in its report that "True 'companies' have emerged, producing and selling toolkits and developing business partner programs that enable less-technical, 'traditional' criminals to use the web to steal data and make money - lots of it." It would sound like something out of a Monty Python sketch if it weren't so horribly serious.
In fact, the toolkits are big business. They range in price from $30 to $3,000 and even come with user manuals. They boast that they can defeat antivirus technologies and even prove it by publishing their testing statistics against the latest engines. The fancier toolkits let malicious hackers inject computer code into the victim's web browser; this code then steals information the victim enters into legitimate electronic forms. These toolkits are quite popular; a less expensive toolkit, available for $200 to $300, has been used by 7,500 web sites, according to Websense.
Serious and business-like are certainly the right words to use when talking about phishing now. Websense reported a 60 percent drop in websites that make "benign" changes to visitors' computers, such as changing the browser settings, and a 100 percent increase in sites that make malicious changes. These changes include the installation of keyloggers, screen scrapers, and other forms of crimeware without a user's knowledge or consent.
So just how widespread is the crimeware? Let's look at keyloggers. Normal, generic keyloggers simply log keystrokes; the kinds of keyloggers used by phishers, however, "have tracking components which attempt to monitor specific actions (and specific organizations, most importantly financial institutions and online retailers and ecommerce merchants) in order to target specific information..." according to the APWG. Websense found 212 unique keylogger variants in June -- nearly the same number as in May. However, there were nearly a third again as many unique websites hosting keyloggers in June as in May. Again, the U.S. leads the pack here, hosting more than 32 percent of the websites with crimeware.
Perhaps the worst part is that many web servers are being subverted by hackers to host malicious computer code. This can happen totally without the knowledge of the web site owner or site visitors. Dan Hubbard, vice president of security research for Websense, notes that "You could be searching for your favorite recipe and go to a web site that has that information, but the site may have been compromised and you wouldn't even know it...Even the web site owners usually don't know."
Phishing targets have also expanded. Phishers have apparently discovered that the "long tail of search" also applies to their field. "When phishing first started, there were a limited number of brands that were being targeted - the top five banks in the United States, for example," Hubbard explained. "Now they're going after little tiny credit unions in Omaha and Hawaii and San Diego." Websense saw three to six new attacks every day against companies that had never been targeted before.
Websense even discovered some nasty uses of the phone in phishing attacks. In one case, end users were being lured into installing malicious code via text messages. Victims received a text message on their mobile phone, thanking them for subscribing to a fictitious dating service -- which would then charge them $2 per day automatically, to be billed to their cell phone until they canceled their subscription. Another attack sent a spoofed email, but referred the user to a phone number rather than a web site.