printer friendly version

E-threats are shifting

Cybercriminals continue to find creative means of distribution.

Malware writers have preserved their focus on Web-based attacks while actively looking for new methods to disseminate their products, according to BitDefender. The company recently released the results of its malware and spam survey from July through December 2009, showing an increase in a wide range of threats, from the exploitation of international news events to higher levels of spam being disseminated through social networking platforms aiming to curb marketing costs in a down economy.

Malware threats in review

Over the last six months, malware writers have continued their efforts to infect computer users in order to receive direct financial gain and/or to seize control over their machines.Trojan.Clicker.CM holds as the number one e-threat for the second half of the year. It is used to force advertisements inside the users’ browsers when visiting grey area websites (such as porn websites or services offering 'warez' software). The alarming infection rate reveals that malware authors are driven by profit, while cyber-criminals are motivated by pay-per-click fraud.

Along with the already traditional Trojan.Clicker.CM infections, Win32.Worm.Downadup has been one of the most notorious e-threats of the past six months. Malware authors’ top choice of distributing their e-threats remains the web, but Autorun-based techniques have been rapidly gaining ground.

By default, every removable storage device features an autorun.ini script that instructs the computer on which file to execute when the medium is plugged in. However, malware authors frequently tamper with the file to make it launch miscellaneous malicious applications. Although extremely useful for non-technical computer users, the feature has been completely discarded in Windows Vista SP2 and Windows 7 in order to prevent infections.

Web 2.0 Threats

Spamming is also a common practice among Web 2.0 service users, such as social networking. While Twitter and Facebook have imposed strict policies on spamming, some other social network services have barely taken into account this possibility. For instance, the professional network LinkedIn has become the favourite playground for people and organisations offering miscellaneous services. Spammers attempt to join users’ professional networks and then bomb them with messages advertising their products or services.

Initially spotted on August 2008, the Koobface worm has been one of the most active and destructive e-threats affecting social networking platforms. The cyber-criminal team behind the worm has released multiple variants of it in order to extend their reach with multiple social networking services. The viral infections took most of the platforms by surprise and the damage inflicted to users was beyond imagination, disabling some of the commercially-available antivirus utilities and exporting sensitive data such as e-banking credentials and IM passwords to a remote location. The infection technique was simple yet efficient: the worm used compromised accounts to lure friends into clicking the infected links.

The phishing landscape

Compared to the first half of 2009, the amount of phishing messages has remained relatively unchanged, although phishers have switched their focus to institutions that could bring them the most of profit in the shortest timeframe. Primary targets are PayPal, Visa and eBay, followed by HSBC, America Express and Abbey Bank. Ally Bank and Bank of America rank last with a little over one percent of the total amount of phishing messages. These messages mostly target English-speaking computer users who are using the services of at least one of the institutions previously mentioned.

BitDefender Labs found that most Web 2.0 phishing attempts in the first half of 2009 relied on social engineering schemes and speculated user naivety. The Twitter Porn Name scam is a good example. Users were invited to reveal their first pet name, as well as the first street on which they lived. These names are usually employed as backup/security questions. An e-crook possessing a person’s username along with these clues can easily retrieve a password that he or she can later employ to access the account and send spam, access transactions, or use the account in whatever way necessary to make a profit, including demanding a ransom for release of the hijacked account.

Share this article:

Further reading: