Phishers using smarter hooks

Groups attempting to trick internet users into revealing bank account details and other sensitive information are stepping up their efforts. According to figures from internet firm MessageLabs, the number of phishing emails it has encountered has increased from 279 in September 2003 to 337,050 in January 2004. Other phishing groups are also using new techniques to defeat technical measures put in place to foil their scams. Some infect a host PC with a Trojan and use keystroke loggers to steal passwords for later use.

To combat this, banks have introduced innovative designs on their websites that allow users to pull down menus to enter passwords rather than key them in directly.

But now Australian anti-spam group Code Fish has discovered a new Trojan that attempts to steal passwords by stealing screenshots rather than keystrokes.

Users are sent what looks like an invoice for the purchase of a website. But a VBScript Trojan, svchostss.exe, is automatically downloaded if they check out the site that the email claims they have bought.

Read Full Story