Weekly report on viruses and intruders

OVER HALF OF CHINESE MALWARE AIMS TO STEAL PASSWORDS, SOPHOS WARNS

IT security firm, Sophos, has revealed that over half of all malware originating in China in October was designed to steal usernames and passwords.  This malicious code is designed to give cyber criminals easy access to personal and sensitive data for financial gain and identity theft.

By analysing the malware, which was written in a simplified version of Chinese, Sophos has identified that 45.2% aimed to steal online game login information, with a further 7.5% designed to provide the hackers with username and password details for the popular Chinese QQ instant messaging client.

"Given the ever growing popularity of online gaming in China, this is a worrying trend - once hackers have stolen login details, they can effectively impersonate the victim in the online world," explained Carole Theriault, senior security consultant at Sophos.  "Millions of people play these games every day, but once inside the game, it's difficult to check their identity and these cyber criminals can wreak havoc, for example buying and selling items in online stores and running up huge debts without the victim even realising."

Furthermore, with a significant proportion of the remaining malware designed to give hackers access to instant messaging clients, Sophos is warning computer users of the risks of using the same password across multiple sites and of the importance of using secure passwords.

"While hacking into an instant messaging client may not seem like the end of the world, the danger is that the cyber criminals will have inadvertently gained access to bank accounts, or cracked the passwords to secure password protected information, from which they can steal confidential and financial information," concluded Theriault.

Sophos recommends that businesses secure their PCs with a consolidated solution to defend against spyware, viruses and spam, as well as ensuring that their software offers automatically updated protection.  Computer users should also be wary of unsolicited emails, and display caution when clicking on or opening unknown links or attachments.