The Symantec Global Internet Security Threat Report noted an emerging shift in malicious activity. The growing level of malicious code activity has also resulted in the proposal of a new cybercrime bill. Malicious activity tends to increase with rapid growth in broadband infrastructure and connectivity. In January 2010, reports emerged that dozens of large companies had been compromised by attackers using the Hydraq Trojan. Typically, this type of attack begins with some reconnaissance on the part of attackers.
This can include publicly available information about the company and its employees, such as from social networking sites. This information is then used to create specifically crafted phishing email messages, often referred to as spear phishing, that target the company or even specific staff members. These email messages often contain attachments that exploit vulnerabilities in client-side applications or links to websites that exploit vulnerabilities in web browsers or browser plug-ins. In 2009, 60 percent of identities exposed were compromised by hacking attacks, which are another form of targeted attack.
The hackers gained access to the company's payment processing network using an SQL injection attack. The attackers then installed malicious code designed to gather sensitive information from the network, which allowed them to easily access the network at their convenience. The attacks resulted in the theft of approximately 130 million credit card numbers. Web-based attacks have replaced the mass mailing worm in this position. Attackers may use social engineering, such as in spam messages, to lure a user to a website that exploits browser and plug-in vulnerabilities.
These attacks are then used to install malicious code or other applications such as rogue security software on the victim’s computer. Four of the top five vulnerabilities being exploited were client-side vulnerabilities that were frequently targeted by web-based attacks. Two of these vulnerabilities were in Adobe Reader, while one was in Microsoft Internet Explorer and the fourth was in an ActiveX control. A crimeware kit is a toolkit that allows people to customize a piece of malicious code designed to steal data and other personal information.
Crimeware kits like Zeus make it easier for unskilled attackers to compromise computers and steal information. These kits allow anyone who buys them to customize them to their own needs. The SpyEye kit, in addition to stealing information, also has the ability to detect if a computer already has Zeus installed and, if so, to intercept its communications. The Fragus exploit kit contains mechanisms to prevent buyers from reselling their copies of it. A side effect of these kits is the creation of tens of thousands of new malicious code variants that may only be seen by a single user.
The volume of financial services spam also remained relatively unchanged in 2009. While the levels of financially oriented spam and phishing have remained relatively constant despite the recent economic downturn, attackers have made adjustments in their tactics. Symantec observed more messages advertising refinancing of debts and mortgages along with offers of loans or opportunities to earn money while working from home. This shows that attackers are able to rapidly adapt their social engineering techniques to better take advantage of current events and situations.
Symantec expects attacks against web browsers and malicious code variants installed through these attacks to increase. One of the botnets linked to this ISP was Pandex. This botnet was responsible for as much as 35 percent of spam observed globally before dropping to 8 percent after the ISP was shut down. Spam zombies that lack a critical command system are unable to send out spam. Additionally, a security researcher allegedly attacked and disabled 250,000 computers associated with the Ozdok botnet.
The volume of spam sent by both botnets recovered several days afterwards because unaffected zombies were instructed to significantly increase their spam output, indicating that these events may have been a large factor in the decrease of spam zombies in the United States. Symantec advises end users to use antivirus software, antispam software, firewalls, toolbar blockers, and other software detection methods. Symantec also advises end users to never disclose any confidential personal or financial information unless and until they can confirm that any request for such information is legitimate.