Fortinet Reviews Malicious Code Activity In May 2006

This month, the Fortinet Research team uncovers new threats and dissects cybercrooks’ intentions, delivering insights on the freshest scams around.

This month's highlights:

May, by the numbers:

Top 10 threats caught by Fortinet’s FortiGate security appliances in May 2006:
This month’s top 10 is an almost classic picture. The old-school Netsky.P is still at the top, followed by the now-regular top 10 guest Adware/BetterInternet (whose activity is heavily backed by a large botnet). And, for the first time ever, a phishing threat made it into the top 10. Granted, HTML/BankFraud.E!phish is not actually a single phishing threat, but a grouping of many phishing threats detected together (in the jargon, this is called a “generic detection”), so one may view this progression in the top 10 as a mere consequence of a reorganization in Fortinet’s threat-naming scheme. According to Fortinet virus researcher Bryan Lu, this is not the case. When HTML/BankFraud.E!phish was added in March, it already accounted for 44 percent of the global phishing activity. In April, it accounted for up to 87 percent of phishing threats. Overall, 98 percent of all 1.83 million detected phishing threats in May are HTML/BankFraud.E!phish.
In conclusion, phishing activity has been multiplied by five since March, draining vertiginous amounts of money out of the online bank accounts of victims from all over the world, mostly targeted toward countries without any digital law to address the issue.

What is even more alarming is that phishing threats grow not only in volume but also in variety and inventiveness. This month we spotted phishing attempts where the victim is asked to call a telephone number and disclose his or her credentials. Now, if we put together the fact that people educated in “classical” phishing may still fall into that trap, and the fact that the upcoming reign of VoIP will make it particularly easy to set up anonymous phone numbers, we may come to the conclusion that these scams will rise in the near future, according to Guillaume Lovet, EMEA threat intelligence and response team leader for Fortinet.

Phishing is, however, not the only weapon in cybercriminals’ arsenal when it comes to gathering stolen credentials. Trojans and spyware also do the work very well. This makes sense, after all, as it is no more difficult – if not easier in some cases – to get an average user to click on an executable file than to fool her into logging in to a fake bank website. In that domain too, two interesting innovations surfaced this month: the “Poker” Trojan, used by cybercriminals to steal user credentials from famous poker sites, and a Trojan meant to steal “virtual” items from players of Massive Multiplayer Online Role Playing Games (MMORPG). Stolen items are then sold to other players wishing to empower their game character – this is generally done via auction sites.

According to Lovet, there are two key points here: First of all, any social activity involving money online (e.g. online poker) will sooner or later be the target of cybercriminals. The more popular it becomes, the sooner it becomes a major target.
Secondly, there is a very interesting, and disconcerting, collusion between real and virtual worlds. In MMORP games, the virtual world goes on living long after the player in the real world disconnects. Weapons, spells, and other items in an online roleplaying game are meant to be exchanged or bought within the game, thus with virtual money (typically with good old “gold coins”), but some people, willing to empower their game character, are ready to pay real money to acquire particularly powerful items for their game character. This, of course, attracts cybercriminals. And when these items are stolen, and sold again for more money, the culprits are not “elves” or members of the “Guild of Thieves,” but the guy next door who wields a computer trojan infection. Whether or not such a spectacular reduction of the factual frontier between real and virtual worlds is a worrying issue can be debated, but either way, it’s inclined to send a little chill.