‘Slurpware’ Comes to the Internet

Jeff Berg
CYBERSPACE — Internet security professionals have given a name to the latest type of online threat and that name is “Slurpware.”

Following on the heels of “phishing” and “spam,” the term describes a new type of online scheme that defrauds e-commerce companies and financial institutions of massive amounts of money.

“Slurpware requires a community of trusted users, phishing mail, password slurping malware and sponsorship of the Russian Mafia,” Gartner research director Jay Heiser told TechWeb News. “It’s when all the effective Internet attack elements come together to potentially steal a lot of money.”

Heiser said that slurpware attacks involving thousands of emails and keylogging have previously hit sites like eBay and PayPal.

“The viability of simple passwords on e-commerce sites won’t be viable much longer,” Heiser said.

Instead, according to Heiser, online companies are going to start moving toward hardware-based authentication systems, such as the one recently implemented by AOL for small business owners.

The system uses a pager-sized hardware device created by RSA Security Inc. that displays six-digit codes every minute; customers must read the code and then enter it in order to access email, calendars, stock portfolios and AOL’s Bill Pay service.

According to Heiser, the United States is lagging behind the rest of the world in implementing hardware-based authentication systems, but such systems are widely needed.

A recent survey conducted in Britain’s Liverpool Street Station found that 71 percent of office workers were willing to trade their computer password for a chocolate bar.