From the bedroom to the bank – IT threats evolve

2006-06-01

Mark Sunner

MessageLabs, UK
Editor: Helen Martin

Abstract

'Phishing levels ... are expected to rise again due to the adoption of spear-phishing techniques.' Mark Sunner, MessageLabs.


In the past, the perception of the 'typical' virus writer or hacker was that of a male teenager, beavering away at a PC in his bedroom, intent on gaining notoriety for his exploits. Now a British teenager who fits that description is facing extradition to the US to stand trial for what has been described as 'the biggest military hack of all time'. If found guilty, Gary McKinnon could face decades in jail as well as massive fines.

We often hear about cases where individuals from the online world have received severe offline punishments for their crimes. Yet, despite the fact that the stakes are high, hackers and virus writers are increasingly lured by the prospect of monetary gain and are honing their skills accordingly.

Spyware provides a lucrative revenue stream for the growing number of criminals who have control over robot networks (or botnets). In a survey conducted by the US National Cyber Security Alliance (NCSA) and AOL last December, it was found that 61% of the computers in the survey had some type of spyware or adware installed on them, less than 10% of which was with the owner's knowledge or permission (see http://www.staysafeonline.info/pdf/safety_study_2005.pdf).

A criminal can make several thousand dollars by installing adware remotely on the compromised PCs under their control, without the owner's knowledge. While each installation may generate only a few pennies of revenue, for someone with control over a large botnet, the overall gain can be significant. More concerning are the malicious worms that are used to create the botnets. These gather very sensitive information from users' machines, including cracked usernames, passwords, credit card numbers and other personal data stored inside web browser auto-fill databases. With this level of intelligence, fraudsters can target their attacks very effectively.

Indeed, the bad guys are becoming increasingly tactical and their attacks more targeted. For example, the days of the scatter-gun approach to phishing seem to be numbered, having been replaced by 'spear-phishing'. By improving the structure and content of the phishing emails, reducing the size of each attack and targeting selective groups of addresses – such as employees of a particular bank or organisation – phishers can improve their chances of success significantly.

According to the most recent MessageLabs Intelligence Report (see http://www.messagelabs.com/Threat_Watch/Intelligence_Reports/), phishing levels declined during the first part of 2006 (1 phish in every 356.2 messages in Q1 06, compared to 1 in every 279.8 messages in Q4 05), but they are expected to rise again due to the adoption of spear-phishing techniques.

We've discussed just some of the threats associated with email, which has become as ubiquitous as the telephone. Although email is currently the favourite vehicle for the bad guys, other tools like Instant Messaging, VoIP telephony and mobile devices will increase in popularity and will increasingly be targeted by criminals in the future.

With the threat landscape moving beyond email and increasing in sophistication, many companies have tightened their security, but there is still room for improvement beyond reactive security software. The reality is that traditional anti-spam and anti-virus solutions provide inadequate protection, and are circumvented easily by criminals.
