Phishers and security firms in malware 'arms race': "

Def Con

Conventional phishing attacks launched via spam messages are becoming eclipsed by sophisticated malware designed to steal identities, according to a study by Anti-Phishing Working Group (APWG). Conventional phishing attacks launched via spam messages are becoming eclipsed by sophisticated malware designed to steal identities, according to a study by Anti-Phishing Working Group (APWG). APWG's July 2005 phishing reports adds that fraudsters are developing approaches specially designed to neutralise counter-phishing technologies.
APWG researchers reported a "marked increase" in screenscraper technology by phishers, an approach designed to counter graphical keyboard systems sometimes used by banks to thwart conventional key-logging Trojans. When a consumer selects a character on the graphical keyboard using mouse clicks, the screenscraper takes a snapshot of the screen and sends it to the phishers' server, in one example intercepted by the researchers. Despite the emergence of this more sophisticated technique keylogging Trojans remain a popular option. There were some 174 phishing-based Trojans detected in July, up from 154 in June. The majority of these Trojans lay in wait on sites hosted in either Brazil or the US. APWG's July 2005 phishing reports adds that fraudsters are developing approaches specially designed to neutralise counter-phishing technologies.…