Thursday, October 1, 2009
At Least One Part of the Economy is Growing: Cybercrime
The APWG (Anti-Phishing Working Group) released its latest Phishing Activity Trends Report and found that new records were being reached in a variety of areas, such as rogue anti-virus software, phishing websites and crimeware designed to target financial institutions' customers.
According to a release, the APWG H1, 2009 report found that the numbers of detected rogue anti-malware programs—fake security software that actually infects computers to animate assorted electronic crimes—grew 585 percent between January and the end of June 2009.
The number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement.
The number of hijacked brands also reached an all-time high of 310 in March and remained at an elevated level to the close of the half in June.
The APWG added a new metric to its Trends Report that measures proliferation of three categories of malevolent software: Crimeware (code designed to victimize financial institutions' customers); Data Stealing and Generic Trojans (designed to send information from the infected machine, control it, and open backdoors on it); and Other (commonly auto-replicating worms, dialers for telephone charge-back scams, etc.). This data was obtained from report contributor Websense.
This metric replaces counts of "Password-Stealing Malicious Code URLs" and "Password Stealing Malicious Code - Unique Applications" which, due to incongruent sources and counting methods became systematically unreliable.
According to Dan Hubbard, APWG Trends Report contributing analyst and Websense CTO, the growing complexity of these attacks is making it difficult for experts to distinguish between those attacks that are designed to steal banking credentials from customers.
"Due to evolution of attack sophistication, it is becoming increasingly difficult to separate and report on attacks that are specifically designed to steal customer banking information," Hubbard said in a statement. "Additionally, attacks that only look for credentials from popular social networking, web mail, and even gaming sites, can lead to attacks for banking theft and crimeware." Continue article (Finance Tech)