Crimeware soaring says Anti-Phishing Working Group

According to the H2 2010 Phishing Activity Trends Report, one data contributor to the group - Panda Security - registered more than 10 million new malware samples during the third and fourth quarters of the year.

The report notes that cybercriminals are now re-using the base program code of existing crimeware and, by using polymorphic techniques, they can develop new variations of existing crimeware.

This approach, says the APWG, allows the reworked crimeware to escape detection by IT security systems that use a data fingerprint approach.

Panda Security, says the group, reported more than 10.4 million new malware samples during H2 of 2010, a volume that the report notes is the equivalent of 17% of all samples the IT security vendor has recorded since it started in 1990.

Luis Corrons, PandaLabs technical director and a report contributing analyst, said that 55% of the new samples created in the second half of 2010 were trojans - the favourite weapon used by cybercriminals to infect consumers' computers.

Patrik Runald, a senior manager for security research with Websense and another contributing analyst to the report, said his research team had noticed a shift toward a binary weapons approach to infecting PCs with crimeware, assembling the final crimeware code from several components that arrive through different mechanisms and at different times.

"During the second half of 2010 we saw a small drop, percentage-wise, in malware aimed specifically at stealing data but an increase in the total amount of samples compared to the first half of 2010", he said.

"Downloaders are used in many of these cases and the end goal is still to steal data - but using several components instead of including this functionality in the main component", he added.

Dave Jevans, the chairman of the APWG, said that in the latter months of 2010, his research teams had seen an increase in spear-phishing.

In these attacks, he says, individuals inside companies and government agencies are targeted by criminals who send individual fake emails to their victims - often with crimeware payloads.

"These emails usually evade spam and anti-virus filters, and are very effective at infecting a user's computer", he said.

"There are an increasing number of reports where spear-phishing is used as part of a sophisticated attack to gain access into a corporation's network by infecting a targeted employee's computer", he added.

Jevans went on to say that this trend is accelerating in 2011, and is responsible for many high profile corporate data breaches.
