Published: August 01, 2011
APWG Cybercrime Report: Crimeware Development and Contagion Surging Worldwide in Second Half of 2010
CAMBRIDGE, Mass. - (BUSINESS WIRE) - The APWG reports in the H2 2010 Phishing Activity Trends Report
this month that the development of crimeware surged in the half-year
period ending in December, 2010 with one data contributor registering
more than 10 million new malware samples in the period, while other
analysts describe important shifts in approaches to crimeware deployment
by cybercrime gangs.
Cybercriminals repurpose base code of existing crimeware using
polymorphic techniques to craft new variations of crimeware to evade
detection by filters reliant on fingerprints of known crimeware. In H2,
2010, however, cybercriminals' crimeware development efforts were more
than redoubled with PandaLabs reporting 10,425,663 new malware samples
being registered in that period - some 17 percent of all samples the
company has recorded since 1990.
Luis Corrons, PandaLabs Technical Director and Trends Report
contributing analyst, said, "Fifty-five percent of the new samples
created in the 2nd half of 2010 were Trojans, the favorite weapon used
by cybercriminals to infect consumers' computers."
Trojans, deployed as desktop crimeware, infect a user's computer with
undetectable malware, designed specifically to allow cybercriminals to
break into the online bank accounts of consumers and businesses and then
initiate fraudulent funds transfers or enter bogus bill payment
instructions.
Patrik Runald, Senior Manager, Security Research for Websense and Trends
Report contributing analyst said his laboratory noticed a shift
toward a binary weapons approach to infecting PCs with crimeware,
assembling the final crimeware code from several components that arrive
through different mechanisms and at different times.
Runald said, "During the second half of 2010 we saw a small drop,
percentage-wise, in malware aimed specifically at stealing data but an
increase in the total amount of samples compared to the first half of
2010. Downloaders are used in many of these cases and the end goal is
still to steal data - but using several components instead of
including this functionality in the main component."
Ihab Shraim, chief security officer and vice president, network and
systems engineering, MarkMonitor and Trends Report contributing
analyst said, "The second half of 2010 saw a 6 percent drop in total
phishing attacks from the first half. However, the number of brands
targeted went up by over 7 percent and there was an increase of almost 6
percent in unique Brand-Domain pairs. This data suggests that phishers
are utilizing more targeted tactics in order to achieve a better ROI on
their phishing campaigns."
Indeed, while measurements for conventional social engineering-based
phishing show some slowing of growth during the half, reports of
hyper-focused phishing attacks on key personnel have been increasing
since H2 2010, and have continued growing through early 2011, indicating
a larger shift in tactics by established cybercrime gangs. Though
difficult to count automatically, reports of these so-called
"spear-phishing" schemes have been increasing in frequency over the past
year - and continue to grow.
Dave Jevans, APWG chairman and Trends Report contributing analyst
said, "In the latter months of 2010 we have seen an increase in
spear-phishing, where individuals inside companies and government
agencies are targeted by criminals who send individualized fake emails
to their victims, often with crimeware payloads. These emails usually
evade spam and anti-virus filters, and are very effective at infecting a
user's computer.
"There are an increasing number of reports where spear-phishing is used
as part of a sophisticated attack to gain access into a corporation's
network by infecting a targeted employee's computer. This trend is
accelerating in 2011, and is responsible for many high profile corporate
data breaches," Jevans said.
The full text of the report is available here: http://www.apwg.org/reports/apwg_report_h2_2010.pdf
Other highlights of the report include:
• Unique phishing reports submitted to APWG in H2, 2010 steadily
decreased over the half, after reaching a previous high for 2010 in June
with 33,617
• Unique phishing websites detected by APWG during H2, 2010 saw a
fluctuation of more than 5,000 sites month to month within the half-year
period
• The high number of unique brand-domain pairs, 16,767 in November, was
down nearly 32 percent from the record of 24,438 in August, 2009
• The number of phished brands reached a high of 335 in September during
the half, a decrease of 6 percent from the all-time high of 356 in
October, 2009
• Financial Services returned to being the most targeted industry sector
in the 3rd and 4th quarters of 2010
• Sweden jumped to the top of countries hosting phishing sites reported
during Q3, 2010 with 83.12% of all hosting sites reported in August
• The top 10 most prevalent families of fake anti-virus software are
responsible for more than 59 percent of rogueware infections
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is a
global industry, law enforcement, and government coalition focused on
unifying the global response to electronic crime. Membership is open to
qualified financial institutions, online retailers, ISPs, the law
enforcement community, solutions providers, multi-lateral treaty
organizations, research centers, trade associations and government
agencies. There are more than 2,000 companies, government agencies and
NGOs participating in the APWG worldwide. The APWG's Web site, www.apwg.org,
offers the public and industry information about phishing and email
fraud, including identification and promotion of pragmatic technical
solutions that provide immediate protection. The APWG is co-founder and
co-manager of the Stop. Think. Connect. Messaging Convention, the global
online safety public awareness collaborative (www.stopthinkconnect.org),
and sponsor of the eCrime Researchers Summit, the world's only
peer-reviewed research conference dedicated specifically to electronic
crime studies (www.ecrimeresearch.org).
APWG's corporate sponsors are as follows: AT&T(T), Able NV, Afilias
Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Booz
Allen Hamilton, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure
Technologies, Check Point Software Technologies, Cisco (CSCO), Clear
Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve,
Digital River, Easy Solutions, eBay/PayPal (EBAY), eCert, Entrust
(ENTU), eEye, ESET, Fortinet, FraudWatch International, FrontPorch,
F-Secure, Goodmail Systems, GlobalSign, GoDaddy, Goodmail Systems,
GroupIB, GuardID Systems, Hauri, HomeAway, Huawei Symantec, IronPort,
HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security
Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs,
Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell,
MarkMonitor, M86Security, McAfee (MFE), MasterCard, MessageLevel,
Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic,
NameProtect, National Australia Bank (ASX: NAB), Netcraft, NetStar,
Network Solutions, NeuStar, Nominum, Panda Software, Phoenix
Technologies Inc. (PTEC), Phishme.com, Phorm, Planty.net, Prevx, The
Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace,
SecureBrain, Secure Computing (SCUR), S21sec, SIDN, SoftForum,
SoftLayer, SoftSecurity, SOPHOS, SquareTrade, SurfControl, SunTrust,
Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank,
Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed
Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart
(WMT), Websense Inc. (WBSN) and Yahoo! (YHOO), zvelo and ZYNGA.

APWG
Dave Jevans, +1 650-996-2142
Dave.jevans@antiphishing.org
http://www.antiphishing.org
or
MarkMonitor
Te Smith of MarkMonitor, +1 831-818-1267
Te.Smith@markmonitor.com
http://www.markmonitor.org
or
PandaLabs
Luis Corrons
lcorrons@pandasoftware.es
http://www.pandasoftware.es
or
Websense
publicrelations@websense.com
http://www.websense.com
Copyright © 2012, Business Wire, Inc., All rights reserved.