Criminals home in on social networks
Symantec has published its semi-annual Threat Report online. One of the findings is that organised crime is homing in on users of social networks, who are apparently quite willing to provide personal information that can be used in phishing attacks.
Whereas 66 per cent of all phishing websites pretended to be from the finance sector, 91 per cent of phishing sites hosted in the US imitated only two social networks. In the EMEA region (Europe, Middle East, and Africa), Symantec found that most phishing sites were hosted in Romania, with the most commonly forged website once again being a social network.
Symantec says the number of the web-based attacks on users by means of drive-by downloads is also increasing. Nonetheless, files attached to emails were still the most common threat at 37 per cent in the EMEA region, down from 49 per cent in the first two quarters of 2007. The US still lead the field globally, accounting for 31 per cent of all malicious activity. China took joint second place with Germany, albeit a long way behind the US, with just seven per cent. Within EMEA, however, 18 per cent of all malicious activity originated from Germany, a mere one per cent down on the first half of 2007. Germany also once again topped the list of computers infected with bots within EMEA at 18 per cent. Globally, the US also comes top with 14 per cent of all computers infected with bots. Symantec found of that the number of command-and-control servers used for bot networks fell to 4,091. Bot networks increasingly communicate via P2P technology and fast-flux servers.
Access to bank account credentials is commonly sold on the virtual black market, with 58 per cent of such servers located in the US. Credit card information has fallen to second place. Overall, Symantec concludes that the market is stabilizing. Attackers are not only more professional, but also quicker off the blocks. According to the Threat Report, exploits for flaws in ActiveX components, etc. pop up quickly in web attack kits, such as MPack, which tries to inject malicious code on user systems in a drive-by download.
Overall, the findings in this latest Threat Report are essentially the same as in the previous one. Trojans are still the most common type of new contaminant at 71 per cent. And once again, computers remained infected with a bot for an average of four days.
Symantec expects the use of white-listing for files and devices to become more common. Finally, IRC-based command-and-control servers will continue to diminish in relevance. Symantec also believes that future threats will attempt to influence the outcome of US elections.
- Internet Security Threat Report Volume XIII: April, 2008, by Symantec (PDF)
- Executive Summary: April, 2008 of the findings in Symantec's Threat Report (PDF)
- Contaminants market is worth billions and specializing further, says report, heise Security report on Symantec's 12th Threat Report