Cybercriminals move with the times
Trend Micro's latest "Threat Roundup and Forecast 1H 2008" report found an upswing in web threats, but a steady decrease in adware and spyware generated by outdated methods which can no longer compete with high-level security.
Social engineering tactics such as the Nigerian phishing scam have been around for years, and cybercriminals continue to refresh and modernize this form of trickery based on the latest trends.
For example, the tools and technologies used to create the interactive nature of popular social networking sites have become a landmine for cybercrime.
In March, Trend Micro discovered that more than 400 kits designed to generate phishing sites were targeting top web 2.0 sites, free email service providers, banks and popular e-commerce sites.
Malware variants have generally been treated as separate individual threats. But today, profit-motivated web threats blend various malicious software components into a single web threat business model.
For example, a cybercriminal sends a message (spam) with an embedded link in the email (malicious URL) or contained in an instant message.
The user clicks on the link and is directed to a site where a file (trojan) automatically downloads onto the user's computer.
The trojan then downloads an additional file (spyware) that captures sensitive information, such as bank account numbers (spy-phishing).
Although seemingly one incident, blended threats are much more difficult to combat and much more dangerous for the user, Trend Micro warned.
Meanwhile, the “fast-flux” technique is an additional example of criminals abusing technology developments.
Fast-flux is a domain name server switching mechanism that combines peer-to-peer networking, distributed command and control, web-based load-balancing and proxy redirection to hide phishing delivery sites.
Fast-flux helps phishing sites stay up for longer periods to lure more victims. For example, researchers are challenged to identify malicious Storm domains because developers are using fast-flux techniques to evade detection.
Trend Micro witnessed a dramatic increase in web threat activity during the first half of 2008, with web threats peaking in March at 50 million, from approximately 15 million in December 2007.
On the decline are adware, trackware, keyloggers and freeloaders. In March 2007, Trend Micro found that approximately 45 percent of PCs were infected by adware; by April 2008, only 35 percent were infected.
In May 2007, approximately 20 percent of PCs were infected by "trackware" software, but that number had dropped to less than five percent in April 2008.
Keyloggers also showed a small but steady decline with less than five percent of PCs being infected.