Slurpware: You Heard It Here First

The newest term in Internet security threats has just been coined: slurpware.

Gregg Keizer, Contributor

January 18, 2005

2 Min Read
InformationWeek logo in a gray background | InformationWeek

The newest term in Internet security threats has just been coined: slurpware.

"It's when all the effective Internet attack elements come together to potentially steal a lot of money," said Jay Heiser, a vice president and research director at Gartner said Tuesday. "'Slurpware' requires a community of trusted users, phishing mail, password slurping malware, and sponsorship of the Russia Mafia," he added.

Such convergence-style attacks aren't new, but they are the future, said Heiser, noting that organized crime-operated, slurpware-style assaults have hit e-commerce companies like eBay and PayPal, as well as some major financial institutions.

"This is indicative of a certain level of attack sophistication, and it's unreasonable to think that there won't be further convergence [of techniques]," he said.

By combining the automated properties of massive e-mail campaigns and keylogger-style spyware, the bad guys have the upper hand at the moment. "The criminals figured out how to automate their offense before we automated our defense," said Heiser.

The answer, he predicted, will have to be stronger authentication that goes beyond the simple usernames and passwords that most e-commerce or e-banking sites now use. "The viability of simple passwords on e-commerce sites won't be viable much longer."

Among the defenses being tried, said Heiser, are hardware-based tokens required to access confidential sites, such as banks and credit card companies. While the "U.S. is way behind on this," he said, other regions are moving fast. "Brazil is, and it's not because it's a hotbed of technology, but because there's been a lot of [online] theft there." Other areas with a head start on America include Western European countries like the Netherlands and the Scandinavian nations.

But unlike some prognosticators, Heiser doesn't' fear for the viability of online commerce. "The online market is too appealing to both buyers and sellers," he said. "They'll solve the problems as they come up, or maybe after they appear, but generally it will work its way out."

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights