January 30, 2007 12:09 PM PST

Phishing overtakes viruses and Trojans

Phishing attacks have outnumbered e-mails infected with viruses and Trojan horse programs for the first time, according to security experts.

Security mail services vendor MessageLabs reported on Monday that in January 2007, one in 93.3 e-mails (1.07 percent) comprised some form of phishing attack. There were fewer e-mails--one in 119.9, or 0.83 percent--infected with viruses.

The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm worm and Warezov attacks, according to MessageLabs.

"If you look at infected e-mail traffic for January, it's very spiky," Mark Sunner, chief technology officer at MessageLabs, told ZDNet UK.

"With Storm worm, there are clear spikes, then drops down to normal levels," Sunner said. "It's as though someone is turning on the tap briefly, then letting it abate."

Phishing attacks have become more sophisticated, according to MessageLabs. As online merchants and banks have shifted toward two-factor authentication, there has been a rise in sophisticated "man in the middle" phishing tools and Web sites, though such attacks are still quite rare.

Two-factor authentication often involves the user keying in pseudorandomly generated codes--for example, from a key fob--as well as entering a password. This is designed to foil attacks where information is harvested using keyloggers; the code can be used only once.

One particular form of man-in-the-middle attack tries to circumvent this by effectively hijacking a user session. Users are duped into visiting a spoofed portal, hosted on a compromised machine. Information entered, such a bank details and codes, is relayed through the compromised machine to the real bank site. Once the users have validated themselves on the real system through the compromised relay, hackers kill the user connection through the relay and take over the session.

Phishing e-mails are also becoming more personalized, according to Sunner, making such confidence tricks more believable. This includes phishers sending links to people for spoof sites of banks that the intended victims actually use, as opposed to randomly hitting a section of the population.

"We're continuing to see a real increase in the targeted nature of messages across the board. Phishing is becoming more personalized," Sunner said.

More phishing sites are now using Flash content rather than HTML in an attempt to evade antiphishing technology deployed in Web browsers.

Security vendor Sophos confirmed that it also saw more phishing than malicious-software activity in January. "More e-mail at the moment does appear to be phishy rather than containing malicious attachments," said Graham Cluley, senior technology consultant at Sophos. "The trend has been for the proportion of infected e-mail to drop for a while now."

However, Cluley warned that this indicated a shift in infection methods toward Web-based attacks rather than a shift from malicious software to phishing.

"More and more of the bad guys are moving towards Web-based attacks," he said. "That means that the e-mail itself may not contain a malware attachment but instead a Web link to a site or download that would then infect you with a Trojan horse.

"We shouldn't necessarily conclude that the malware problem is diminishing; it just may be changing its nature," Cluley added.

Sophos is seeing approximately 5,000 new malicious URLs every day hosting malicious software or drive-by downloads of unwanted content, Cluley said.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
phishing, MessageLabs Ltd., Graham Cluley, Sophos Plc., virus attack

2 comments

Join the conversation!
Add your comment
Duhhhhh... It's where the biggest money is!
Viruses, Trojans and Worms cause a lot of havoc, but blackmail schemes have raised very little income.

Where as with Phishing... they get your credit info, charge your account to the max and make millions off of it... and much of it goes unnoticed until after they've scammed at least thousands, ten-thousands or more!

Bottom Line: Phishing is a Lucrative business by easily fooling so many people with!!!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Phishing
This is no surprise phishing is so successful because it is able to prey on both the ignorance of many users and fear. People want to make sure their accounts are ok when they receive warning emails so they click and start filling out information without looking the to verify if the site is correct. Yahoo recently has implemented a new seal program that I think has the potential to help reduce phishing for their login sites. I posted a description of how this works over at <a class="jive-link-external" href="http://www.techknowbizzle.com/" target="_newWindow">http://www.techknowbizzle.com/</a>.
Posted by MD525 (22 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.