CA Technologies has released its State of the Internet 2010: A Report on the Ever-Changing Threat Landscape to provide an in-depth look at the most prevalent threat activity in the first half of 2010, including the emergence of organised Crimeware-as-a-service that is fueling the rapid development of sophisticated new threats.
In the new report from CA Technologies' Internet Security Business Unit, researchers identify more than 400 new threats led by rogue security software, downloaders and backdoors. Trojans were found to be the most prevalent category of new threats, accounting for 73% of total threat infections reported around the world. Importantly, 96% of Trojans found were components of an emerging underground trend towards organised cybercrime, or "Crimeware-as-a-service."
"The extent to which a services model has now been adopted is amazing," said Don DeBolt, director of threat research for CA's Internet Security Business Unit. "This new method of malware distribution makes it more challenging to identify and remediate. Fortunately, security professionals and developers are always diligent about staying one step ahead of these cyber criminals."
The most notable threats and trends of 2010 to date include:
Crimeware: 96% of Trojans detected in H1 2010 functioned as a component of a larger underground market-based mechanism that CA ISBU has termed "Crimeware-as-a-Service." Crimeware essentially automates cybercrime by collecting and harvesting valuable information through large-scale malware infection, generating multiple revenue streams for the criminals. It is an on-demand, Internet-enabled service that highlights cloud computing as a new delivery model. This crimeware is primarily designed for data and identity theft in order to access users' online banking services, shopping transactions, and other Internet services.
Rogue or Fake Security Software: Also known as scareware or Fake AV, this category of malware continued its dominance in the first half of 2010. An interesting trend observed recently is the prevalence of rogue security software cloning, whereby the software employs a template that constructs its product name based on the infected system's Windows operating system version, further enhancing its perceived legitimacy.
Cloud-Based Delivery: Research revealed cybercriminals' growing reliance on cloud-based web services and applications to distribute their software. Specifically, cybercriminals are using web and Internet applications (e.g. Google Apps), social media platforms (e.g. Facebook, YouTube, Flickr, and WordPress), online productivity suites (Apple iWorks, Google Docs, and Microsoft Office Live), and real-time mobile web services (e.g. Twitter, Google Maps, and RSS Readers). For example, recent malicious spam campaigns pose as email notifications targeting Twitter and YouTube users, luring targets to click on malicious links or visit compromised websites. The recent Twitter scam, where users involuntarily re-tweeted malicious links as they hovered over links on Twitter, is just one example of this.
Social Media as the Latest Crimeware Market: CA Technologies recently observed viral activities and abusive applications in popular social media services such as Twitter and Facebook as the result of a strong marketing campaign in the underground market. CA's ISBU has observed a black market evolving to develop and sell tools such as social networking bots. Underground marketers promote new social networking services that include account checkers, wall posters, wall likers, wall commenters, fan inviters, and friend adders. These new crimeware-as-a-service capabilities became evident in the latest Facebook viral attacks and abusive applications that are now being widely reported.
SPIM Spamming Through Instant Messaging: One new vector used to target Internet users is SPIM, a form of spam that arrives through instant messaging. CA ISBU observed an active proliferation of unsolicited chat messages on Skype.
Email Spam Trends: When examining email spam trends, the ISBU tracked the usage of unique IP addresses in an effort to determine the most prevalent source regions for spam bots. Based upon its observation, the EU regions ranked as the number one source of spam, recording 31%, followed by 28% in Asia Pacific and Japan (APJ), 21% in India (IN), and 18% in the United States (US).
Mac OS X Threats: Attacker interest in the Mac remains. During the first half of 2010, the ISBU witnessed Mac-related security threats including traffic redirection, the Mac OS X ransomware 'blocker' and the notable spyware 'OpinionSpy'.