This is what makes a recent phishing attack particularly interesting. Unlike those listed in the Anti-Phishing Working Group’s archive, it does not masquerade as coming from a trusted organisation, nor does it explicitly urge recipients to click on a link. Instead, it appears either to have been sent in error or, at worst, to be some fairly mild kind of spam message. It does, however, contain a URL that recipients might be tempted to follow out of curiosity – especially given the relative innocuousness of the message, and the lack of any traditionally phishy features.
But as the Code Fish Spam Watch site reveals in loving detail, doing so unleashes an extraordinary series of intrusive events. They culminate in highly targeted screenshots of password characters being grabbed and sent to an email address in Russia if the user happens to log into Barclays online bank – ironically, one of the few to employ a two-step user login process designed to protect its customers from ordinary keylogger trojans.
Two things are striking about this. First, the technical virtuosity of this scam is an indication of how fast this field is evolving. Second, the form of this intricate, low-level attack presupposes a machine running Windows and its default applications. In other words, it depends on the Microsoft monoculture still found within most companies and homes.
Although users of GNU/Linux or the Macintosh may feel a certain satisfaction that they are immune to this and many other attacks based around deep-seated flaws in Microsoft products, they should not be too smug. Another recent but more traditional phishing scam enhances the plausibility of the fake Web site by employing JavaScript to replace the browser address bar with one that displays a fraudulent URL. Users of all platforms who have enabled JavaScript are potentially vulnerable.
As these examples show, phishing is rapidly becoming malware’s new frontier – a devastating mix of coding deftness and cold-blooded deceit. Eradicating it will be even harder than stopping spam, the perpetrators of which are little more than script kiddies in comparison to these new phisher kings.
Glyn Moody welcomes your comments.