Sunday, May 07, 2006

Internet Crimes are On the Rise and Deadlier than Ever

Panda Software recently issued it's quarterly report, which comes to the frightening conclusion that 70 percent of all malware they detected in the first quarter of 2006 is related to cyber crime. Activity also seems to have hit record numbers!

Here is their summary:

This report confirms the new malware dynamic based on generating financial returns. Spyware, Trojans, bots and dialers were the most frequently detected types of malware between January and March 2006. Trojans accounted for 47 percent of new malware examples during the first quarter of 2006.

Seventy percent of malware detected during the first quarter of 2006 was related to cyber crime and more specifically, to generating financial returns. This is one of the conclusions of the newly published PandaLabs report, which offers a global vision of malware activity over the first three months of the year. Similarly, the report offers a day by day analysis of the most important events in this area. This report can be downloaded, free of charge, here.

Since this statistic interested me, I jumped over to the Anti-Phishing Working Group's page to see what they had to say. Please note that Panda, along with Websense and MarkMonitor share information with the APWG. They confirmed Panda's report that crime on the Internet seems to be at an all time high.

Here is a tickler from their report:

The total number of unique phishing reports submitted to APWG in March 2006 was 18,480, the most reports ever recorded. This is a count of unique phishing email reports. March 2006 continues the trend of more phishing attacks and more phishing sites. The IRS phishing attack doubled in volume in March as compared to February (in the USA, the tax filing deadline was April 17 in 2006, as the usual April 15 deadline fell on a weekend this year.)

Link, here.

Two of the most concerning forms of malware being used are Keyloggers and Redirectors. Keyloggers are a form of spyware, which record all the strokes on a computer and transmits them to back to the person (criminal), who installed the malware. They are normally used to steal financial information, used in identity theft schemes.

Sadly enough, Keyloggers are legal and easily bought anywhere, including the Internet. They allegedly have legitimate uses like spying on other people?

Perhaps, the FTC should go after some of these vendors like they recently did with the Private Investigators selling telephone records?

Redirectors are a trojan, which once installed on a computer, redirect the user to malicious sites, where their financial information is stolen. The sites are also known to download more malware (crimeware) on systems. Redirectors are extremely dangerous because there is little indication you are being hijacked.

The Anti-Phishing Working Group has some excellent educational information on this subject, including what to do if you become a statistic:

How to Avoid Phishing Scams

What To Do If You've Given Out Your Personal Financial Information

Too many people (who know what to look for) ignore and delete phishing attempts. There are a lot of places you can report activity and make an impact. In most cases, it only takes a minute or two to do so.

You can report phishing activity to the APWG, here. Activity can also be reported to PIRT, which is a joint venture by Sunbelt Software and CastleCops.

Another resource to report activity is the Internet Crime Complaint Center, which is associated with the FBI. You can report it a lot of places, but it is important to report it. If everyone took the time to report one phishy email a day, it would probably have a significant impact.

By reporting the activity that we see and taking advantage of the mostly volunteer efforts to fight it, we might make the Internet a safe place for everyone again. As access becomes cheaper and more widespread, the number of potential victims is growing at a record rate.

Continuing to ignore all those "Phishy" e-mails will only encourage the Phishermen to move forward with greater frequency. Additionally, the attacks are becoming more sophisticated and "how to kits" are being sold on how to do these dirty deeds. This will undoubtedly bring more and more Phishermen to the (already) murky waters of the Internet.

Of course, we can also take the time to educate newer users, also. In fact, awareness protects people more effectively than anything I've seen, thus far.

1 comment:

Anonymous said...

These people will destroy the Internet for all of us.