By TOM ZELLER Jr.
The New York Times
Most people who use e-mail now know enough to be on guard against
"phishing" messages that pretend to be from a bank or business but are
actually attempts to steal passwords and other personal information.
But there is evidence that among global cybercriminals, phishing may
already be passe.
In some countries, like Brazil, it has been eclipsed by an even more
virulent form of electronic con -- the use of keylogging programs that
silently copy the keystrokes of computer users and send that
information to the crooks. These programs are often hidden inside
other software and then infect the machine, putting them in the
category of malicious programs known as Trojan horses, or just
Two weeks ago, Brazilian federal police descended on the northern city
of Campina Grande and several surrounding states, and arrested 55
people -- at least 9 of them minors -- for seeding the computers of
unwitting Brazilians with keyloggers that recorded their typing
whenever they visited their banks online. The tiny programs then sent
the stolen user names and passwords back to members of the gang.
The fraud ring stole about $4.7 million from 200 different accounts at
six banks since it began operations last May, according to the
Brazilian police. A similar ring, broken up by Russian authorities
earlier this month, used keylogging software planted in e-mail
messages and hidden in Web sites to draw over $1.1 million from
personal bank accounts in France.
These criminals aim to infect the inner workings of computers in much
the same way that mischief-making virus writers do. The twist here is
that the keylogging programs exploit security flaws and monitor the
path that carries data from the keyboard to other parts of the
computer. This is a more invasive approach than phishing, which relies
on deception rather than infection, tricking people into giving their
information to a fake Web site.
The monitoring programs are often hidden inside ordinary software
downloads, e-mail attachments or files shared over peer-to-peer
networks. They can even be embedded in Web pages, taking advantage of
browser features that allow programs to run automatically.