Crimeware epidemic spreading fast

Phishers are rapidly becoming more sophisticated with the development of malicious crimeware software that can bypass conventional IT security systems and steal identity information for financial crime, the Anti-Phishing Working Group (APWG) warned today.

In July 2005, APWG researchers found that phishers are designing systems specifically to neutralise the counter-phishing technologies being deployed by financial institutions and ecommerce sites.

"The technological contest between phisher and counter-phisher is well and truly underway," said APWG chairman David Jevans. "It is a contest of escalation."

APWG researchers reported a marked increase in screenscraper technology by phishers. This shift aims to counter the graphical keyboard systems some financial services firms are using to avoid the hazards of keylogging Trojans that phishers have been using to mine the usernames and passwords directly from the keyboard entry of alphanumerics and symbols. When the user mouseclicks a character on the graphical keyboard, the screenscraper takes a snapshot of the screen and sends it to the phishers' server for inspection, according to APWG researchers.

Dan Hubbard, senior director of security for Websense and APWG analyst, said: "Crimeware continues to evolve as we have seen the deployment of advanced techniques to steal information.

"These Trojan horses are moving beyond keylogging and now capture screenshots to obtain end-user credentials."

APWG reported that it had received some 14,135 unique phishing reports in July, down from 15,050 in June. In July 2005, 71 brands were reported as being phished, down from a high of 107 different brands being phished in May 2005.

However, phishers were found to be spreading their nets, and moving away from some traditional marque name financial institutions and hitting a wider base of smaller financial institutions. Financial institutions made up 86 per cent of all phishing targets, down slightly from a recent high of 91 per cent.

APWG secretary general Peter Cassidy said: "Our hope was that as the large financial institutions gained expertise in thwarting and deflecting phishing attacks, phishers and their spam-based schemes would become ineffective as probabilities of landing phishing mails into inboxes of small institutions' customers decreased their intake of user credentials."

"Instead, phishers have employed internet marketing practices of list creation and affinity marketing to target and leverage the trust of small institutions."

APWG also reported that in July, there have been increased numbers of variants and new banking keyloggers. There were some 174 phishing-based Trojans detected in July, up from 154 in June. The numbers of websites that were hosting these keyloggers rose even more dramatically, with almost a 100 per cent increase.

The full text of the report is online here.