Cybercriminals move with the timesCybercrooks are using new technologies and reinventing forms of social engineering to ensnare consumers and businesses, security experts warn. Trend Micro's latest "Threat Roundup and Forecast 1H 2008" report found an upswing Upswing An upward turn in a security's price after a period of falling prices. in web threats, but a steady decrease in adware and spyware generated by outdated methods which can no longer compete with high-level security. Social engineering tactics such as the Nigerian phishing scam (SCSI Configured AutoMatically) A subset of Plug and Play that allows SCSI IDs to be changed by software rather than by flipping switches or changing jumpers. Both the SCSI host adapter and peripheral must support SCAM. See SCSI. have been around for years, and cybercriminals continue to refresh and modernize this form of trickery Trickery See also Cunning, Deceit, Humbuggery. Bunsby, Captain Jack trapped into marriage by landlady. [Br. Lit.: Dombey and Son] Camacho cheated of bride after lavish wedding preparations. [Span. Lit. based on the latest trends. For example, the tools and technologies used to create the interactive nature of popular social networking sites A Web site that provides a virtual community for people interested in a particular subject or just to "hang out" together. Members create their own online "profile" with biographical data, pictures, likes, dislikes and any other information they choose to post. have become a landmine for cybercrime cybercrime also known as computer crime Any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. . In March, Trend Micro discovered that more than 400 kits designed to generate phishing sites were targeting top web 2.0 sites, free email service See Internet e-mail service. providers, banks and popular e-commerce sites. Malware variants have generally been treated as separate individual threats. But today, profit-motivated web threats blend various malicious software components into a single web threat business model. For example, a cybercriminal See cybercrook. sends a message (spam) with an embedded link in the email (malicious URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. ) or contained in an instant message. The user clicks on the link and is directed to a site where a file (trojan) automatically downloads onto the user's computer. The trojan then downloads an additional file (spyware) that captures sensitive information, such as bank account numbers (spy-phishing). Although seemingly one incident, blended threats are much more difficult to combat and much more dangerous for the user, Trend Micro warned. Meanwhile, the “fast-flux” technique is an additional example of criminals abusing technology developments. Fast-flux is a domain name server switching mechanism that combines peer-to-peer networking See peer-to-peer network. , distributed command and control, web-based load-balancing and proxy redirection to hide phishing delivery sites. Fast-flux helps phishing sites stay up for longer periods to lure more victims. For example, researchers are challenged to identify malicious Storm domains because developers are using fast-flux techniques to evade detection. Trend Micro witnessed a dramatic increase in web threat activity during the first half of 2008, with web threats peaking in March at 50 million, from approximately 15 million in December 2007. On the decline are adware, trackware, keyloggers and freeloaders. In March 2007, Trend Micro found that approximately 45 percent of PCs were infected by adware; by April 2008, only 35 percent were infected. In May 2007, approximately 20 percent of PCs were infected by "trackware" software, but that number had dropped to less than five percent in April 2008. Keyloggers also showed a small but steady decline with less than five percent of PCs being infected. 
|
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion