Thursday, October 1, 2009

Phishing websites, rogue antivirus skyrocket in 2009

Phishing websites and rogue antivirus programs increased precipitously in the first half of 2009, according to a new report issued by the Anti-Phishing Working Group (APWG).

The number of unique phishing websites reached a high of nearly 50,000 in June, the second highest on record since more than 55,000 phishing websites were recorded in April 2007. Meanwhile, the number of people downloading and installing rogue antivirus programs is also on the rise, providing a cash cow to cybercriminal gangs. In the first quarter of 2009 alone, more new strains of rogue antivirus were created than in all of 2008, according to the APWG Phishing Trends Report.

The organization, an industry association of security vendors, individual businesses and business trade associations, started in 2003 and has monitored phishing and email spoofing with the goal of finding ways to reduce and ultimately eliminate the problem. The report includes data collected by security vendors Websense Inc. and Panda Security, as well as brandjacking information from MarkMonitor Inc.

Rogue antivirus displays fake pop-up warnings and launches messages in the task bar warning of a possible infection. Once downloaded, the program typically conducts a fake scan of a victim's system and then provides results showing fake infections.

In June, the number of variants of rogue antivirus programs increased above 152,000, according to the APWG. The number of rogue antivirus variants detected was four times the number of samples seen in all of 2008.

Luis Corrons, technical director of PandaLabs, the research arm of Panda Security, said the lucrative business model has attracted new cybercriminal gangs that are helping fuel the increase in rogue antivirus. Panda estimates that victims are shelling out $34 million per month worldwide for rogue antivirus programs. There are currently more than 200 different gangs being tracked by researchers. Ten gangs are responsible for more than 77% of the rogue antivirus samples, he said.

"Unlike with banking Trojans, where you have to infect the user, steal the data, then hire some money mule; with rogueware they only have to wait for users to pay," Corrons said. "The user is the one willing to pay in order to disinfect their computer."

According to security experts, the rogueware has been spreading by less sophisticated means. The gangs rely on visitors to websites touting rogue antivirus to download and install the program. But phishers have been successful in avoiding detection by legitimate antivirus programs, according to the APWG report. Each downloaded rogue antivirus program contains a slightly different binary file, which tricks signature-based antivirus. In addition, Corrons said the programs themselves don't act maliciously on computers, other than displaying false information, which helps them evade detection by antivirus engines.

Search Security

Props to my buddy Eric Cissorsky on this one too!
