The month of October in the threat landscape is often associated with scary social engineering tactics timed for Halloween. As in years past, the threats that lurk in the current threat landscape are real. Most of them can cause irreparable damage, often resulting in information theft or, worse, identity theft, as shown in the following blog entries:
- Weather Report for Halloween: High Chances of a Storm
- “Halloween Costumes” Bring More Fright Than Expected
But just how scary is the Web 2.0 environment nowadays? Let us run down a list of the scariest threats thus far:
- 2009 saw the emergence or resurfacing of three of the most notorious botnets in relation to information, financial, and identity theft—Koobface, ZeuS, and Ilomo. Botnets control more compromised machines than previously believed. Only a handful of cybercriminals have more than 100 million computers under their control. This means they have more computing power at their disposal than the entire world’s supercomputers combined. It’s no wonder then that more than 90% of all email worldwide is now spam.
Koobface is best known for preying on social networking and micro-blogging site users. It has moved beyond its original design (taking over accounts to spread malicious links under the affected users’ credentials) to pushing FAKEAV or a variant of it to users who merely visit a compromised site or click anywhere on a malicious page where a copy of the malware is hosted.
The ZeuS botnet, on the other hand, is best known for e-banking attacks targeting small businesses that do not have full-time IT staff and only 1–2 payroll personnel. It was first introduced by Rock Phishers this April, paving the way for the rise of easy-to-use kits that yielded professional-looking phishing pages. Its latest components, also known as “ZBOT variants,” now come compressed in increasingly complex packers.
Ilomo, the third most dangerous botnet, also known as “CLAMPI” or “LOMOL,” is known for injecting code into an affected user’s browser and waiting for him/her to connect to one of over 4,000 banking, financial, or Web mail sites so it can steal his/her credentials. It can, however, also “piggyback” on the user’s session to transfer funds from his/her account to a remote one while making a mockery of the bank’s secure login system. The botnet also sells “anonymity as a service,” as every infected machine can act as a proxy, allowing cybercriminals to route their illegal activities through different networks and countries, thereby evading detection.
- Tricking users into downloading FAKEAV has been an age-old cybercriminal tactic that apparently has not stopped working. Hence the continuous rise in the number of FAKEAV pushed to unwitting scam victims to this day. Trend Micro estimates that more than 100,000 users receive messages saying they have been infected by malware while visiting malicious sites and that there are more than 48,000 FAKEAV offerings per month.
Apart from its ability to rake in a lot of dough, FAKEAV is also hard to detect due to its numerous domains and redirectors, giving security experts a hard time tracking all related activities down. FAKEAV will thus continue to plague users for a long time because its ploy works.
- In June 2009, Microsoft broke its December 2008 record of releasing patches for 28 vulnerabilities with the release of 10 security advisories to address 31 vulnerabilities in its OSs and other software.
Unpatched vulnerabilities can allow cybercriminals to exploit users’ systems. For instance, unpatched vulnerabilities in a system’s browser can allow cybercriminals to run arbitrary code if the user happens to browse a malicious website, leaving him/her at the mercy of online predators.
Microsoft was not alone in this predicament, though. Adobe and Firefox have had their share of exploited vulnerabilities as well.
Why do more and more people join the cybercriminal bandwagon? The answer is plain and simple: there is a lot of money to be made in infecting users. FAKEAV, for instance, sells for an average price of US$50 each. Just imagine how much money cybercriminals can make even if they sell to only a fraction of their target user base! Our threat research papers provide detailed information on such cybercrime activity; if you’re interested, you can read them here.
And if that isn’t scary enough, Trend Micro’s threat researchers found that the going rates for stolen data (credit card information and user credentials) and for infecting users’ systems continue to rise each year. Cybercriminals never seem to run out of tricks to spread threats to users throughout the Web. No wonder U.S. President Obama officially announced October as the “National Cyber Security Awareness Month!”