Stanford University

Abstract Papers Download Related Staff


Current phishing attacks focus primarily on stealing user credentials such as passwords. In response, web sites are deploying stronger authentication and backend analytics systems. These tools are designed to make it harder for phishers to extract value from stolen passwords. We anticipate that phishers will adapt in response. In particular, we expect to see huge growth in the use of a different type of botnet malware called a Transaction Generator or TG for short. A TG waits for the user to log in to his account at a site and then issues transactions on behalf of the user. We discuss a number of mechanisms by which TGs can hide their tracks so that users have no idea that fraudulent transactions were issued by their machine. We also describe a mitigation system, called SpyBlock, that can help reduce the damage caused by TGs.



SpyBlock can defend against transaction generator malware. To use SpyBlock, you will need the following:

Be sure to install SpyBlock on both the browser appliance and the host.

Please send us your feedback!


Stanford Security Lab has developed several other related anti-phishing projects:


Stanford Security Lab