
Well-oiled underground market tops latest Symantec threat report

September 17, 2007

An underground economy in which professional-grade crimeware and stolen data are exchanged in forums and on auction-style websites has turned into a commercialized and extremely lucrative undertaking, the latest Symantec Internet Threat Report shows.


The report, which was released today and provides a six-month overview of the internet threat landscape from January to June, concludes that not only are cybercriminals becoming increasingly profit-motivated, but some have decided to scrap spearheading attacks altogether and instead concentrate on selling malware creations.

"Today, we're seeing a market of professional quality software from individuals who are solely in the business of writing the software and selling it," Oliver Friedrichs, director of emerging technologies for Symantec Security Response, told SCMagazineUS.com.

The first widespread example of this shift in money-making tactics came earlier this year when researchers noticed the MPack toolkit, a combination of exploits, being sold on the black market for around $1,000.

Credit card numbers, or dumps, make up the most widely advertised merchandise in the underground economy, accounting for 22 percent of all items, the report says. Numbers go for as little as 50 cents, Friedrichs said.

"It's really representative of the volume of data that's available," he said. "The number of data breaches affecting organizations continues to remain high."

The report also notes a trend among attackers to use well-known and trusted websites, such as social networking sites, to infect users through vectors such as malicious banner advertisements. Many users fall for these threats because they think they are surfing in a safe community, Friedrichs said.

Meanwhile, the number of malicious code variants jumped to 212,000 in the first six months of this year, up from 74,000 in the last six months of 2006, the report reveals.

"Attackers are increasingly trying to evade security technologies by creating more variants," he said, adding that hackers are still taking advantage of web browser and plug-in vulnerabilities, such as ActiveX and QuickTime flaws.

Another interesting new threat involves targeting the user credentials for persistent virtual worlds (PVWs), such as Second Life, and massively multiplayer online games (MMOGs), such as World of Warcraft and Lineage. These games allow players to conduct real money transactions to buy and sell game assets.

"We see more and more threats targeting online gaming accounts," Friedrichs said. "If I can gain access to your account, I can steal your online possessions and then go sell those in the real world. It's an economy that's growing at a fairly rapid pace."
