Key-logging malware could be behind the recent webmail attack that saw thousands of email addresses and their associated passwords leaked online, according to one security expert. Amichai Shulman, from security firm Imperva, believes that the size of the scam shows that it is not a phishing attack.
According to Mr Shulman, the majority of people do not fall for phishing attacks, with only one person falling for such an email in every 1,000 sent.
"The vast majority of people do not fall prey to phishing attacks and the success rates are around one per 1,000," he told the BBC. "The fact that even one of these lists contained 10,000 names suggests to me that it was a key-logging scam."
Once downloaded from an infected website, a key-logger will record every keystroke made, which can include login details for webmail services, social networking sites or online bank accounts. Key-loggers can be downloaded automatically, but in most cases the user is tricked into downloading the malware under the guise of a free anti-virus or performance-improving program - something that can even occur on trusted websites.
Just last month, the New York Times fell victim to a so-called "malvertising" attack, when it inadvertently displayed an advert that told people they had a virus and then prompted them to download the malware under the guise of "anti-virus" software - an ever-increasing problem on an advert-filled Internet.