Jamz Yaneza, Trend Micro
This paper will investigate an emerging threat, which Trend Micro calls 'spy-phishing', and explain not only what it is, but also why we expect it to become a far more significant threat over the next year. Trend Micro believes that spy-phishing is the next progressive step for phishers and spyware authors to lure money and personal information from unsuspecting users.
Spy-phishing borrows techniques from both phishing scams and pharming attacks - along with some new tricks - to target on-line banks, financial institutions, and other password-driven sites. In spy-phishing, the author seeds email messages with either a trojan, or a link to download the trojan. When downloaded and executed, either manually or via an exploited vulnerability, this malware monitors web traffic until it detects web access to the target page. When this happens, it sends any login or confidential data back to the attacker.
The text in the spammed email can be related to the target company, or it can employ other forms of social engineering, similar to those used for traditional viruses. In either case, the effect is more dangerous than traditional phishing, since it does not have to rely on tricking the user into visiting a spoofed site. And since it is much easier from a technical perspective than launching a pharming attack, even so-called 'script-kiddies' can potentially launch a successful attack.