FYI...

- http://www.f-secure.com/weblog/archives/00001428.html
April 25, 2008 - "Some phishing gangs have a new technique. They're using trojan-spy applications... the message doesn't mention anything about providing an account-name or password. Instead, it attempts to convince the recipient that they need to install a Digital Certificate for enhanced safety. (Anybody want to buy a bridge?)... It's basically a page full of jargon designed to overwhelm the potential victim. What happens if the victim falls for the bait and installs the "certificate"? A trojan-spy will be installed. So now the phishers don't need to ask for passwords anymore, they can just take them. This technique keeps the classic element of phishing by mimicking the trusted institution — the bank. What they've adjusted is the part that people have become skeptical of, which is giving away their password when requested by e-mail."

(Screenshots available at the URL above.)

More...

- http://www.darkreading.com/document.asp?do...&print=true
APRIL 28, 2008 - "...Both Trend Micro* and F-Secure** over the past few days spotted new iterations of the attack, which was first reported by RSA last week. The latest tack is phishing emails posing as Comerica Bank and Colonial Bank that ask banking customers to renew their digital certificates. When they click on the link for more information on the phony renewal process, it downloads the nasty Trojan onto their desktops... the Rock Phish group also has been coming out with different versions of the malware each day to try to fly under the radar. It changes the “packer,” encoding, and other characteristics to evade antivirus detection... advice to end users...: be aware that your bank will never send you anything to download, not even a digital certificate, so don’t fall for one of these emails..."

* http://blog.trendmicro.com/rock-phishers-u...l-certificates/

** http://www.f-secure.com/weblog/archives/00001428.html