Cyber-criminals move with the times

Cyber-crooks are using new technologies and reinventing forms of social engineering to ensnare consumers and businesses, security experts warn.

Trend Micro's latest Threat Roundup and Forecast 1H 2008 found an upswing in web threats, but a steady decrease in adware and spyware generated by outdated methods which can no longer compete with high-level security.

Social engineering tactics such as the Nigerian phishing scam have been around for decades, and cyber-criminals continue to refresh and modernise this form of trickery based on the latest trends.

For example, the tools and technologies used to create the interactive nature of popular social networking sites have become a landmine for cybercrime.

In March, Trend Micro discovered that over 400 kits designed to generate phishing sites were targeting top web 2.0 sites, free email service providers, banks and popular e-commerce sites.

Malware variants have generally been treated as separate individual threats. But today, profit-motivated web threats blend various malicious software components into a single web threat business model.

For example, a cyber-criminal sends a message (spam) with an embedded link in the email (malicious URL) or contained in an instant message.

The user clicks on the link and is redirected to a site where a file (Trojan) automatically downloads onto the user's computer.

The Trojan then downloads an additional file (spyware) that captures sensitive information, such as bank account numbers (spy-phishing).

Although seemingly one incident, blended threats are much more difficult to combat and much more dangerous for the user, Trend Micro warned.

Meanwhile, the 'fast-flux' technique is an additional example of criminals abusing technology developments.

Fast-flux is a domain name server switching mechanism that combines peer-to-peer networking, distributed command and control, web-based load-balancing and proxy redirection to hide phishing delivery sites.

Fast-flux helps phishing sites stay up for longer periods to lure more victims. For example, researchers are challenged to identify malicious Storm domains because developers are using fast-flux techniques to evade detection.

Trend Micro witnessed a dramatic increase in web threat activity during the first half of 2008, with web threats peaking in March at 50 million from approximately 15 million in December 2007.

On the decline are adware, trackware, keyloggers and freeloaders. In March 2007, Trend Micro found that approximately 45 per cent of PCs were infected by adware; by April 2008, only 35 per cent were reportedly infected.

In May 2007, approximately 20 per cent of PCs were infected by trackware, but that number had dropped to less than five per cent in April 2008.

Keyloggers also showed a small but steady decline with less than five per cent of PCs being infected.