Unsung software developers behind rise in online fraud

Tool kits spark explosion in malicious code base, says Symantec

One weekend in June, a little-known Trojan downloader made a major debut on the international malware stage after it managed to burrow its way into more than 10,000 websites in just 72 hours. Infected sites - including one connected to rock musician Bon Jovi and another that raises money for the charity work of the late Mother Teresa - suddenly became agents of a Russian crime gang, as they pushed malware on unsuspecting visitors.

The outbreak was the handiwork of MPack, an easy-to-use malware toolkit that sells for as much as $1,000. MPack, which has gone on to infect as many as 500,000 websites, according to some estimates, typifies many of the findings of a new report by security provider Symantec, which analyzes trends in internet-based threats for the first six months of 2007.

From January to June, Symantec counted slightly more than 212,000 new samples of malicious code, an almost three-fold increase from the last six months of 2006 and a more than four-fold increase from the first half of that year. According to Oliver Friedrichs, director of emerging technologies for Symantec's security response, the growth would have been impossible without the help of MPack and kits of similar ilk.

"With the improvements in operating system security and security software ... attackers are increasingly needing to attract a higher volume of variants to avoid detections," he said. The increase "is definitely driven by the attackers trying to evade".

As the bad guys get forced into a corner, they are increasingly relying on professionally developed tool kits such as MPack to ratchet up the number of exploits they throw out.

The modus operandi of MPack also typifies at least two other growing trends in online fraud. The first is the use of trusted online sites, which lower the guard of otherwise savvy web surfers. Increasingly, legitimate sites are being compromised so they infect the users who visit them, a practice that differs from older methods that relied on porn or warez sites to push malware.

"It used to be good enough to avoid visiting the seedier sides of the internet. That's not the case anymore," Friedrichs said. Attackers are "increasingly leveraging mediums you or I wouldn't think twice about in order to subvert you."

MPack also exemplifies the move to multi-staged attacks, described in the report as compromises that "establish a beachhead from which subsequent attacks are launched". Like other toolkits, MPack stitches together many individual attacks that exploit websites and clients. The goal: to better penetrate a user's defenses and tailor the attack to a specific objective, such as obtaining online banking credentials or providing personal details to be used for identity theft.
