Computer Crime Research Center


Phishers using smarter hooks

Date: April 21, 2004
By: Iain Thomson

Fraud attempts grow with Trojans, keystroke loggers and stolen screenshots

Groups attempting to trick internet users into revealing bank account details and other sensitive information are stepping up their efforts.

According to figures from internet firm MessageLabs, the number of phishing emails it has encountered has increased from 279 in September 2003 to 337,050 in January 2004.

Other phishing groups are also using new techniques to defeat technical measures put in place to foil their scams.

Some infect a host PC with a Trojan and use keystroke loggers to steal passwords for later use.

To combat this, banks have introduced innovative designs on their websites that allow users to pull down menus to enter passwords rather than key them in directly.

But now Australian anti-spam group Code Fish has discovered a new Trojan that attempts to steal passwords by stealing screenshots rather than keystrokes.

Users are sent what looks like an invoice for the purchase of a website. But a VBScript Trojan, svchostss.exe, is automatically downloaded if they check out the site that the email claims they have bought.

This Trojan then attempts to take screen grabs from the PC whenever it is used to access financial sites, including that of Barclays Bank.

Barclays said in a statement: "As you would expect, we closely monitor changes and developments in this space and work closely with other banks and the Hi-Tech Crime Unit.

"We also guarantee to customers that they will not bear any financial loss as a result of fraud against them.

"We are encouraging them to regularly update their antivirus protection software/firewall software and never to reveal their complete ID/password information. Also simply to delete any suspicious emails without opening them."

David Linford, director of anti-spam organisation SpamHaus, said better cooperation between law enforcement agencies could end phishing.

"What the spammers don't realise [is] that they aren't really anonymous - no one is on the internet.

"If law and order wanted to stop this they could if they started talking to each other - cooperation between forces is missing. Most of these [attacks] are coming from Poland and Russia and with international cooperation these computers could be seized."

The UK National Hi-Tech Crime Unit said it is working with colleagues abroad. A spokeswoman said: "We're currently working with overseas forces but have to be at the behest of their jurisdictional systems.

"Naturally we can't comment on ongoing investigations but phishing is being looked at."