Spy-phishing - a new breed of blended threats

Jamz Yaneza, Trend Micro

This paper will investigate an emerging threat, which Trend Micro calls 'spy-phishing', and explain not only what it is, but also why we expect it to become a far more significant threat over the next year. Trend Micro believes that spy-phishing is the next step for phishers and spyware authors seeking to extract money and personal information from unsuspecting users.

Spy-phishing borrows techniques from both phishing scams and pharming attacks - along with some new tricks - to target on-line banks, financial institutions, and other password-driven sites. In spy-phishing, the author seeds email messages with either a trojan, or a link to download the trojan. When downloaded and executed, either manually or via an exploited vulnerability, this malware monitors web traffic until it detects web access to the target page. When this happens, it sends any login or confidential data back to the attacker.

The text in the spammed email can be related to the target company, or it can employ other forms of social engineering, similar to those used by traditional viruses. In either case, the effect is more dangerous than traditional phishing, since it does not rely on tricking the user into visiting a spoofed site. And since it is technically much easier than launching a pharming attack, even so-called 'script-kiddies' can potentially launch a successful attack.
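The behaviour described above (a trojan that waits for access to a target page and then sends captured data out) leaves a timing pattern a defender can look for. The following is an added example, not code from the paper or from Trend Micro: it flags a non-browser process that makes an outbound POST to an unrelated host shortly after a browser on the same machine reaches a watched login site. The telemetry fields, domain names, process names and the 30-second window are all assumptions, and it assumes the trojan runs as its own process.

```python
from datetime import datetime, timedelta

# All values below are assumptions for illustration, not taken from the paper.
WATCHED = {"bank.example"}                  # login sites to protect (placeholder)
BROWSERS = {"firefox.exe", "iexplore.exe"}  # processes expected to talk to them
WINDOW = timedelta(seconds=30)              # how soon after a login visit counts

# Constructed sample telemetry: (time, host, process, method, destination domain)
SAMPLE = [
    ("2006-01-10T09:00:01", "pc-17", "iexplore.exe", "GET",  "news.example"),
    ("2006-01-10T09:00:40", "pc-17", "iexplore.exe", "POST", "login.bank.example"),
    ("2006-01-10T09:00:44", "pc-17", "svch0st.exe",  "POST", "drop.invalid"),
    ("2006-01-10T09:05:00", "pc-17", "updater.exe",  "POST", "vendor.example"),
    ("2006-01-10T09:10:00", "pc-22", "firefox.exe",  "POST", "login.bank.example"),
    ("2006-01-10T09:10:03", "pc-22", "firefox.exe",  "GET",  "cdn.example"),
]

def is_watched(domain, watched=WATCHED):
    """True for a watched domain or any of its subdomains."""
    return any(domain == w or domain.endswith("." + w) for w in watched)

def find_candidates(events, window=WINDOW):
    """Return (host, process, destination, watched_site, delay_seconds) for each
    non-browser POST to an unwatched host within `window` of a watched-site visit."""
    last_visit = {}   # host -> (time, watched domain) of latest browser access
    hits = []
    for ts, host, proc, method, dest in sorted(events):  # ISO times sort correctly
        t = datetime.fromisoformat(ts)
        proc = proc.lower()
        if proc in BROWSERS:
            if is_watched(dest):
                last_visit[host] = (t, dest)
            continue                      # browser traffic itself is not flagged
        seen = last_visit.get(host)
        if seen is None or method != "POST" or is_watched(dest):
            continue
        delay = t - seen[0]
        if delay <= window:
            hits.append((host, proc, dest, seen[1], int(delay.total_seconds())))
    return hits

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE):
        print("review:", hit)
```

A hit is a lead for triage rather than a verdict: legitimate background software can also POST within the window, so the process and destination still need to be checked.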
