Want CNET to notify you of price drops and the latest stories?

Phishing attacks take a new twist

Schemes involving malicious code that intercepts passwords and usernames are on the rise, Websense Security Labs reports.

Alorie Gilbert Staff Writer, CNET News.com
Alorie Gilbert
writes about software, spy chips and the high-tech workplace.
Alorie Gilbert
2 min read
Phishers are increasingly using new methods to nab sensitive information from Internet users, according to data from Websense Security Labs.

In recent months, the researchers at security software company Websense detected a rise in schemes involving malicious programs known as keyloggers, according to the March phishing trends report released Wednesday by the Anti-Phishing Working Group.

The technology, which records the keystrokes of people using infected machines, could be designed to help phishers stay one step ahead of honest folk. In the past, attackers have relied mainly on e-mail messages that lure victims to malicious Web sites, where they are duped into disclosing logins and usernames for banking sites and other sensitive online accounts. The messages are typically spoofed to look like they come the bank or other trusted provider.

The keylogger programs are built specifically to capture login names and passwords for online bank accounts and to send them to the attackers, Websense Security Labs said. They typically exploit vulnerabilities in Microsoft's Internet Explorer browser program.

Each week in March and February, Websense uncovered as many as 10 new keylogger variants and more than 100 new Web sites set up to infect computers with them. That's up from November and December, when the company's researchers identified an average of one-to-two new variants and 10 to 15 Web sites per week.

People can infect their machines with keylogger programs in numerous ways, including opening bogus e-mail attachments, downloading programs online or simply visiting a fraudulent Web site.

Keylogger attacks are a particular problem in Brazil, where recent two schemes targeted more than 100,000 .br e-mail accounts, the report found. However, the machine that hosted the malicious code in one of the attacks was located in California.

Phishers have previously turned to instant messaging, faked news feeds and have preyed on people that mistype the Web addresses of popular online destinations, such as Google.

The United States is host to more phishing sites than any other country, followed by China and Korea, according to the APWG report. In March alone, people reported more than 13,000 phishing-scheme e-mails to the group.