Cybercriminals invest in social networking attacks

By Neil Roiter, Senior Technology Editor, Information Security magazine 08 Dec 2009 | SearchSecurity.com

Security UK News Digg This!     StumbleUpon     Del.icio.us

If cybercriminals are now using sound business principles, seeking the best return on investment, where should the malicious entrepreneur sink their money to get the most bang for their buck?

The 2009 Cisco Systems Annual Security Report takes a stab at predicting next year's most profitable, least profitable, most promising and most dependable cybercrime investment areas. The Cisco Cybercrime Return on Investment Matrix identifies the innovative and lucrative banking Trojan Zeus, as well as more of the type of successful Web exploits that have dominated cybercrime as "rising stars."

"The idea was to look at things from the criminal perspective," said Scott Olechowski, a security business development manager at San Jose, Calif.-based Cisco Systems Inc., "to analyze our portfolio of services and figure out which ones we are going to continue to invest in; which ones they might look at reducing investment in or divest entirely."

On the down side, the "dogs" in the Matrix are distributed-denial-of-service attacks (DDoS), which have generally been more of a pure malice, and, increasingly, more of a political weapon than a profit generator, instant messaging, a data leak concern but not much of a revenue generator, 419 scams (King of Nigeria will have to look elsewhere for help), and traditional phishing scams, which are far less effective than Zeus and the new generation of banking Trojans

Looking for a solid, low-risk investment with a good rate of return? "Cash cows" include pharmaceutical spam, click fraud, scareware and advanced fee fraud. Social networking attacks, including the Koobface worm is considered a "promising" place to invest.

Zeus and other banking Trojans, such as Clampi and URLZone, are particularly alarming. Zeus had infected an estimated 3.6 million computers by October, and Clampi, which is newer, some hundreds of thousands.

The banking Trojans infect computers in the usual ways, such as email phishing or drive-by downloads. Zeus waits until a user logs into an account -- typically online banking -- and collects login data. It is particularly nasty in its ability to thwart multifactor authentication by asking the user to generate several one-time passwords, usually from a token. These Trojans have been responsible for stealing millions, including large withdrawals from small business or local government accounts.

Zeus banking Trojan toolkits are available for about $700, and include a kit that creates variants to help it evade antivirus programs.

Cisco also noted the surge of "rogue" fake antivirus scams early this year. These start with simple pop-up software that tricks the victim into believing his computer is infected and urging him to clean it up by purchasing the antivirus vaporware for, say $60. The scammers get the credit card information as a bonus.

The report pays special attention to social networking as an attack vector on the climb. While it's still early, criminals are gravitating towards Facebook, with more than 300 million users, and other popular Web 2.0 sites, such as Twitter. Criminals are launching spam, phishing attacks and other scams, often using hijacked accounts to spread the mischief among the victim's friends and followers.

And, the rising trend of social networks and sophisticated Trojans isn't dampening the bad guys' enthusiasm for email spam. The precipitous drop following the McColo shutdown in December 2008 has been offset by a rise to record volume of more than 250 billion messages a day. Cisco predicts a steady rise to more than 300 billion through 2010.

Interestingly, spam volume in the U.S., Russia and China was down, while spam in developing countries was up. Brazil, in fact, moved ahead of the U.S. as the world leader.

"It's clear that Internet service providers in developed nations are making great strides in combating spam, Russell Smoak, Cisco's director of technical support said in the report. "That knowledge needs to be shared with their counterparts in emerging economies."

Tags: Threat and Vulnerability Management,  Web Application Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat and Vulnerability Management Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 What to do with network penetration test results Web Application Security CISOs take measured steps to reduce social media risks Google to pay for Chrome browser vulnerabilities Facebook, McAfee partner to fix social network security issues PDF attack code complicates security analysis, skirts detection Annual security reports offer some hope Firefox, Opera, Safari browsers top list of high risk software Active PDF attacks target Reader, Acrobat zero-day vulnerability Using unique device identification for bank website security Avoid common Web application firewall configuration errors Microsoft gives Internet Explorer a major security overhaul

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary