Malware designed by phishers for targeted phishing attacks has special characteristics.
Most samples are trojans sent as phishing email attachments or downloaded from phishing URLs (phishing websites). They include specialized keyloggers that track the user's keystrokes to identify visits to targeted systems (such as financial institutions).
Analyzing the lethal payload of the malware, which contains the exploit shellcode, requires specialized reverse engineering and forensic skills. This is made all the more important by the obfuscation techniques that phishing malware (crimeware) designers use. With malware toolkits readily available, phishers can create malware variants with built-in obfuscation to evade detection by anti-virus software or by intrusion detection systems.
These blog posts will try to uncover the latest trends in phishing malware and the malware forensic techniques that help analyze, detect and defend against phishing attacks.