badware

The Register brought forward this story about a "new" phishing tool. A file downloaded and installed on your computer gives the phisher full access to intervene your Internet banking, PayPal, eBay and so forth.

What is new with this? Spyware, greyware, trojans and virus has been installed on your computer for a long time. Bots have been controlled from the outside for years. The fact that the tool is able to access your information, tap into your communication and present to you what looks like ordinary PayPal, banking or eBay sites is nothing new. What I find disturbing is the that the anti-phishing tools do not detect the hijacking, and thus are not able to prevent it. As a matter of fact, Norton 360 clears the page you are viewing.

You have a successful blog or a company website. You serve your visitors well, and provide good quality information that attracts a high number of visitors. Your website is hosted on one of the many ISPs, and you are confident that they have taken care of all the security for you. No need to worry about a crook hijacking your website, nor a spammer using you as a relay.

You get a complaint from one of your visitors that there are strange things going on when they visit your website, but as you never heard this before, you decide it is the visitor at fault, not the website. A few weeks go by; you see on the stats that the number of visitors decreases. One day when updating your website, you get a window popup you never saw before, and suddenly your antivirus client starts screaming and kicking. You do have an updated anti-virus client, right?