Feeds

Unsung software developers behind rise in online fraud

Tool kits spark explosion in malicious code base, says Symantec

Protecting against web application threats using SSL

One weekend in June, a little-known Trojan downloader made a major debut on the international malware stage after it managed to burrow its way into more than 10,000 websites in just 72 hours. Infected sites - including one connected to rock musician Bon Jovi and another that raises money for charity work of the late Mother Teresa - suddenly became the agents of Russian crime gang, as they pushed malware on unsuspecting visitors.

The outbreak was the handiwork of MPack, an easy-to-use malware toolkit that sells for as much as $1,000. MPack, which has gone on to infect as many as 500,000 websites, according to some estimates, typifies many of the findings of a new report by security provider Symantec, which analyzes trends in internet-based threats for the first six months of 2007.

From January to June, Symantec counted slightly more than 212,000 new samples of malicious code, an almost three-fold increase from the last six months of 2006 and a more than four-fold increase from the first half of that year. According to Oliver Friedrichs, director of emerging technologies for Symantec's security response, the growth would have been impossible without the help of MPack and kits of similar ilk.

"With the improvements in operating system security and security software ... attackers are increasingly needing to attract a higher volume of variants to avoid detections," he said. The increase "is definitely driven by the attackers trying to evade".

As the bad guys get forced into a corner, they are increasingly relying on professionally developed tool kits such as MPack to ratchet up the number of exploits they throw out.

The modus operandi of MPack also typifies at least two other growing trends in online fraud. The first is the use of trusted online sites, which lower the guard of otherwise savvy web surfers. Increasingly, legitimate sites are being compromised so they infect the users who visit them, a practice that differs from older methods that relied on porn or warez sites to push malware.

"It used to be good enough to avoid visiting the seedier sides of the internet. That's not the case anymore," Friedrichs said. Attackers are "increasingly leveraging mediums you or I wouldn't think twice about in order to subvert you."

MPack also exemplifies the move to multi-staged attacks, described in the report as compromises that "establish a beachhead from which subsequent attacks are launched". Like other toolkits, MPack stitches together many individual attacks that exploit websites and clients. The goal: to better penetrate a user's defenses and tailor the attack to a specific objective, such as obtaining online banking credentials or provide personal details to be used for identity theft.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.