Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

BitDefender malware survey shows web 2.0 a rising threat

According to the report, fraudsters and criminals are using ever more creative channels of distribution for their scams and malware.

Malware writers, the report said, "remain focused on web-based attacks while actively looking for new methods to disseminate their products".

Based on BitDefender's malware and spam ongoing survey from July through December, the report highlights an increase in threats - from the exploitation of international news events to higher levels of spam being disseminated through social networking platforms.

Presumably, BitDefender said, "fraudsters are aiming to curb their marketing costs in a down economy".

"Over the last six months, fraudsters have continued their efforts to infect computer users in order to receive direct financial gain and/or to seize control over their victim's machines", the BitDefender study said.

"Trojan.Clicker.CM holds as the number one e-threat for the second half of the year. It is used to force advertisements inside the users' browsers when visiting grey area websites - such as porn sites or services offering `warez' software."

The alarming malware infection rate reveals that malware authors are driven by profit, while cybercriminals are motivated by pay-per-click fraud.

Along with the already `traditional' Trojan.Clicker.CM infections, Win32.Worm.Downadup has been one of the most notorious malware e-threats of the past six months, BitDefender said.

"Malware authors' top choice of distributing their e-threats remains the web, but autorun-based techniques have been rapidly gaining ground."

By default, BitDefender said, every removable storage device features an autorun.ini script that instructs the computer on which file to execute when the medium is plugged in.

However, the report noted, malware authors frequently tamper with the file to make it launch miscellaneous malicious applications.

Although extremely useful for non-technical computer users, the feature has been completely discarded in Windows Vista SP2 and Windows 7 in order to prevent infections.

Vlad Valceanu, head of BitDefender's antispam research lab said that, in the second half of 2009, the firm saw international events such as the advent of the H1N1 swine flu exploited to their full extent by malware authors in order to launch new infections.

"As cybercriminals continue to look for ways to enhance their e-threats, now more than ever, it's essential for computer users to make sure they have a security solution in place that can provide them with advanced, proactive protection", he said.

"BitDefender Labs found that most web 2.0 phishing attempts in the first half of 2009 relied on social engineering schemes and speculated user naivety. The Twitter Porn Name scam is a good example. Users were invited to reveal their first pet name, as well as the first street on which they lived. These names are usually employed as backup/security questions", he added.

According to Valceanu, once in possession of a person's username along with these `clues,' an e-fraudster can easily retrieve a password that he or she can later employ to access the account and send spam, access transactions, or use the account in whatever way necessary to make a profit, including demanding a ransom for release of the hijacked account.

Valceanu said that 2009 witnessed a wide range of security threats aiming at both end-users and at corporate networks.

"Extra caution and a highly-rated antimalware solution with antispam, anti-phishing and anti-malware modules are a must-have for anyone surfing the web in 2010", he explained.

What’s Hot on Infosecurity Magazine?