Friday, December 19, 2008
Phishing now installing malware...NEW?
I was LOL when reading about this "new stuff" from Network World today. They are saying that last August phishers started to change from trying to get information from victims to tricking them into installing malicious software? LAST AUGUST? Hey, that is happening in Brazil for years by now.In Brazil the banks were suffering with phishing back in 2002, 2003. As the losses there were huge they started a big campaign to educate their customers about the threat. Soon, people would be avoiding any messages that appeared to come from their banks. The criminals quickly changed their methods.As people had been taught to avoid clicking on links on "messages coming from banks", Brazilian phishers quickly started to send messages that would use any possible reason to trick people into clicking into their links. Those links were redirecting people to download executables, the famous "bank trojans" that were mentioned on the last Microsoft Intelligence Report. Messages could appear to be those "virtual postcards", fake former university/college/high school colleagues sending their "see how I am know", pictures from the last plane crash, among others. Everything was a reason to a new burst of fake messages tricking people into clicking into links.With that approach we could also see the trojan/backdoor evolution. They started as simple keyloggers sending passwords to an e-mail account through SMTP. When the banks started using screen keyboards the malware also started to capture screenshots. When banks started using OTP cards, trojans started to open windows when the victim was visiting the bank's website to request "card activation", obviously requesting all the 40 numbers in that small card (!). Do I really need to say that people believed and were doing that? :-)Now several banks are using OTP tokens. The "bleeding edge" trojans are now trying to change valid transactions from the user, by changing the bill that is being paid or even the destination account of a money wire transfer. That only shows that whenever it is economically feasible, malware will always evolve to match security measures.