iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Web 2.0 The Malware Target Of The Future
Search:
[ insider_reports_insider ]

Web 2.0 The Malware Target Of The Future



Jason Lee Miller
Staff Writer
2008-12-04

SecurityProNews: Insider Reports Insider Reports RSS Feed


Thanks to aggressive community action and law enforcement spam levels and phishing attacks were fewer in 2008, but Symantec's MessageLabs warns in its Intelligence 2008 Security Report that Web-based attacks and targeted Trojans show no sign of slowing down.

Web 2.0 The Malware Target Of The Future
Web 2.0 The Malware Target Of The Future

In fact, the success of social networking and cloud computing could lead to "unprecedented levels of global spam, viruses and cyber crime" in 2009.

In 2008, botnets were responsible for 90 percent of all spam, the annual level of which reached 81.2 percent (of all email being spam). This was actually a decrease from 2007, which saw 84.6 percent spam levels. The decrease was likely due to two major ISPs shutting down McColo Corp., which resulted in an immediate and temporary 75 percent drop in spam this autumn.

Taken offline briefly and thereafter severely impaired as a result of law enforcement and community action were the two largest botnets, Mega-D (Ozdok) and Srizbi, which had been responsible for about half all spam. Except for Srizbi, affected botnets found alternative hosting and returned with the help of "rival" botnets like Cutwail and Rustock.

The rate of phishing attacks was also less, primarily because of the botnet takedown, but gained sophistication. Spoofing now recruitment agencies and online retailers in addition to financial institutions, MessageLabs found 1 in 244.9 emails contained phishing attacks, compared to 1 in 156 emails in 2007. The researchers expect, especially in light of the worldwide financial crisis, that specialized banking Trojans will go on the increase along with phishing attempts.

But the real innovation among cybercriminals will come through social networking and Web-based services. This past year spammers grew to like targeting web-based email from large, free, reputable providers, using new techniques to break CAPTCHAs and generate massive numbers of personal accounts. Mail from these domains was the least likely to blocked by IT departments.

"2008 was an important year for the security industry as new threats emerged and old threats evolved while the Internet gained sophistication and its users became more web-savvy than ever before," said Mark Sunner, chief security analyst, MessageLabs.

"CAPTCHA breaking became one of the best ways to spam and a wide variety of spam ensued emanating from free web-mail and social networking sites, which require personal accounts for access."

Web-based attacks became popular perhaps because instead of having to find new targets, the targets could be compelled to come to them via popular, well-trafficked websites. The daily number of new websites containing malware rose 1,068 in January to its peak at 5,424 in November. On average, new websites blocked daily rose from 1,253 in 2007 to 2,290 in 2009, mostly due to more SQL injection techniques.

One of the favorite techniques this year was distribution of malware via social networking sites by creating fake profiles on social networking sites and luring victims into clicking malicious links. Most phishing attempts in this form resulted in spammed blog comments and friends lists or contacts spam.

"Web 2.0 offers endless opportunities to scammers for distributing their malware - from creating bogus social networking accounts to spoofed videos - and in 2008 the threats targeting social networking environments became very real," Sunner said.

"Web 2.0 thrives on user-generated content, as do the spammers. The ability to adapt to new mediums and upload enticing content as ‘snake oil' to persuade an information-hungry user to activate it, is one of the cybercriminals' strongest talents and has made them successful in transforming deception into a fully scalable business model within the underground shadow economy."

Indeed, recently YouTube users were subjected to fake malicious notices of malware infection, which was an attempt to load spyware on user machines.


About the Author:
Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2009 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds