Trojans, Next Gen Malware En Route

Wednesday, February 16, 2011 @ 03:02 PM gHale

Cybercriminals are gaining ground with creative new phishing methods and making exploit kits more robust, a new report said.

While these new methods may be on the rise, email users may have noticed a significant drop in spam in recent months, according to the Security Labs Report from M86 Security.

Key findings from the report include:

Third-party phishing is on the rise. There was a decline in phishing emails because users are becoming more aware of fake e-mails claiming to be from banking institutions. However, cyber-thieves have found more effective means of stealing bank information from users visiting legitimate banking websites. Malware, including Trojans like SpyEye and ZeuS, is an increasingly popular method used by criminals to make off with personal and financial information.

Email spam is declining, but not gone. Spam volume is down considerably; at year end it was down to one third of the level seen in June 2010. According to the M86 Security Labs Spam Volume Index, which tracks changes in the volume of spam received by representative domains, the reduction reflected the effect of botnet disruptions and the closure of a popular affiliate program. Spam was at the lowest levels seen since November 2008, when the rogue hosting provider McColo went offline.

Botnet take-downs and closure. Notably, an underground affiliate program used by several spamming botnets shut down in late September 2010. Officials linked to Glavmed and the “Canadian Pharmacy” brand of bogus online pharmacies. The Rustock botnet had its spam output drastically reduced. However, plenty of other botnets moved up to take its place. The top categories of spam messages include those promoting replica watches, fake diplomas and cheap watches.

Exploit kits with virus scanners, social network attacks on the rise. As previously reported, the popularity of exploit kits is on the rise. The newest trend is that more kits are offering services to their customers thus becoming more of a “one-stop shop.” The scanning module in the Siberia Exploit kit and Neosploit’s new Malware-as-a-Service offering are just a couple of significant examples signaling a shift in exploit kit capabilities.

While traditional forms of spamming via email are down, spam techniques using social networking sites such as Twitter, Facebook and LinkedIn continue to expand. The LinkedIn scam has a legitimate look and feel, inviting users to connect with others in their “network,” only to then connect to the Phoenix exploit kit infection page, which tries to exploit the victims’ computers through various vulnerabilities.

“What is especially noteworthy is that our findings demonstrate that vulnerabilities already patched are continuing to be successfully used for malicious gain,” said Bradley Anstis, vice president of technical strategy, M86 Security. “Organizations and individuals must get better at updating their applications and staying ahead of attacks on their devices and their networks.”
