Comments on: SMiShing – an emerging threat vector http://blogs.mcafee.com/mcafee-labs/smishing-an-emerging-threat-vector Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Dustin D. Trammell http://blogs.mcafee.com/mcafee-labs/smishing-an-emerging-threat-vector/comment-page-1#comment-5661 Dustin D. Trammell Mon, 13 Nov 2006 20:12:37 +0000 http://blogs.mcafee.com/?p=74#comment-5661 Please, please, for the love of science stop coming up with more names for things that we arleady have names for. Phishing is phishing, SPAM is SPAM, regardless of the transport or delivery mechanims. Phishing over SMS (SMiShing???) is still just phishing, SPAM over Internet Telephony (SPIT) is still just SPAM. SPAM over Instant Messenger (SPIM) is, again, still just SPAM. There's no point in differentiating so granularly other than to deliberately cause confusion. Of course, if you discover something truely unique, by all means coin a new term for it. Also, is this even technically phishing? It has the fake message component, however the collecting of personal information component is only one of the mentioned potential effects of installation of the trojan. If it were truly phishing I would expect the website to be collecting authentication credentials or something. The fact that the website provides a trojaned piece of software would make me expect it to be far more likely that the compromised host would be used as part of a botnet. This sounds much more like a common virus/trojan delivery technique than a phishing attack. Please, please, for the love of science stop coming up with more names for things that we arleady have names for. Phishing is phishing, SPAM is SPAM, regardless of the transport or delivery mechanims. Phishing over SMS (SMiShing???) is still just phishing, SPAM over Internet Telephony (SPIT) is still just SPAM. SPAM over Instant Messenger (SPIM) is, again, still just SPAM. There’s no point in differentiating so granularly other than to deliberately cause confusion. Of course, if you discover something truely unique, by all means coin a new term for it.

Also, is this even technically phishing? It has the fake message component, however the collecting of personal information component is only one of the mentioned potential effects of installation of the trojan. If it were truly phishing I would expect the website to be collecting authentication credentials or something. The fact that the website provides a trojaned piece of software would make me expect it to be far more likely that the compromised host would be used as part of a botnet. This sounds much more like a common virus/trojan delivery technique than a phishing attack.

]]>