Feeds

Blackhole crimeware kit drives web threat spike

Report: Conficker also still causing mayhem

Internet Security Threat Report 2014

Fake anti-virus scams are on the wane but drive-by-download threats have rocketed over the past year thanks to the hugely popular Blackhole crimeware kit, while Conficker remains prolific some three years after its release, according to Sophos.

The UK-based security vendor said in its Security Threat Report 2012 (PDF) released today that fake AV levels were 50 per cent lower at the end of 2011 than they were at the start of the year.

Vice president of SophosLabs, Mark Harris, told The Register that although fake AV levels had dropped, it was still the second-most common threat. He said it may just be experiencing a blip as a result of the FBI’s raid on a prolific scareware gang and the arrest of the co-founder of dodgy Russian payment firm ChronoPay in June.

“It’s a dip but they will adapt and move onto other mechanisms. We’ve already seen a technique in Russia where users are encouraged to download an application for free but in order to complete the process they have to text a premium SMS number,” he explained.

“It’s a new trend we’ve seen over the past couple of months and is an example of how malware authors are adapting to get payments another way.”

Drive-by downloads have now become the number one web threat, Sophos said. Ten per cent of threats are now exploit sites, with two-thirds of these the result of popular crimeware kit Blackhole, which generates polymorphic, obfuscated malware that is difficult to detect.

Typical payloads generated by Blackhole include rootkit droppers, fake AV and malware to turn infected machines into botnets, while Java, Flash and PDF vulnerabilities are among the most commonly targeted.

“I fully expect drive-by-downloads to grow this year. It’s partly about end user education filtering through,” said Harris.

“The spam emails the cyber criminals sent with malicious attachments were working but users are now getting more sophisticated and suspicious so they’re forced to move to other techniques. It’s harder for the criminals because once the infection is found the website can be blocked.”

Surprisingly, Sophos also revealed in the report that old timer Conficker is still causing mischief over three years after it was released into the wild. According to the vendor it is the most commonly encountered piece of malware, representing 14.8 per cent of all infection attempts.

Conficker’s continued survival is a result of its aggressive propagation capabilities compounded by poor basic security measures such as patching, and a less than rigorous approach to managing removable and mobile devices, said Harris. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.