There has been a significant increase in the use of marketing approaches and deception tactics to steal money and information from consumers, the report found. Attackers continue to incorporate social lures that appear to be legitimate marketing campaigns and product promotions. Six of the top 10 most prevalent malware families in the second half of 2010 fall into these categories of attack method, the report noted.
“In the second half of 2010, we saw a significant rise in criminals taking on more marketing-like approaches to their attacks. The attacks come in campaigns, they come in waves, and when one wave completes, another wave typically begins using slightly different techniques”, commented Jeff Williams, principal group program manager at the Microsoft Malware Protection Center.
“The marketing-like approaches include both when one is surfing the web and when one is receiving emails. Customers might have a difficult time distinguishing between a real business marketing campaign and one that is not legitimate, that is driving towards malware and other breaches of personal information”, Williams added.
The report points to a polarization of cybercriminal behavior. On one side, sophisticated criminals pursue high-value targets with large payoffs. On the other side, less skilled criminals use more accessible attack methods – including social engineering tactics and pre-existing exploits – to take a small amount of money from a large number of people.
These attack methods include the use of rogue security software, phishing attacks leveraging social networking as lures, and adware, which have increased in prevalence in 2010.
Phishing using social networks as a lure increased 1,200% – from a low of 8.3% of all phishing attacks in January 2010 to a high of 84.5% of all attacks in December 2010.
Online gaming attacks are also on the rise. “These are places that have tens of millions of customers and have passwords and credentials that can be stolen through keylogging and other techniques. These sites offer criminals the opportunity to monetize in a variety of ways, whether that is through in-game transactions, passing money through in the form of laundering, or similar techniques”, Williams said. Password stealers, such as Win32/Taterf, are the most prevalent malware on online gaming sites.
In addition, there was a 70% increase in adware – bogus advertising with malicious intent – from July to December 2010, the period examined in the report. The detection of a new pair of adware families, JS/Pornpop and Win32/ClickPotato, contributed significantly to this increase. JS/Pornpop was the number one adware family in 23 countries in the fourth quarter of 2010, the report found.
In 2010, Microsoft protected nearly 19 million systems from rogue security software. The top five rogue security software families were responsible for 70%, or approximately 13 million, of those detections. The two top families of rogue security software are Win32/FakeSpypro, the most commonly detected rogue security software family, and Win32/FakePAV, which poses as Microsoft Security Essentials software.
“Rogue security software is one of the most common methods that attackers use to swindle money from victims. Sometimes referred to as scareware, it is software that appears to be beneficial from a security perspective but provides limited or no security, generates misleading or erroneous alerts, or attempts to lure users into participating in fraudulent transactions”, Williams noted.
Three of the top 10 threat families were adware – JS/Pornpop, Win32/ClickPotato, and Win32/Hotbar – making up 25% of all infections observed in the report. Rogue security software made up 10% of all infections.
Commenting on the Microsoft report, Graham Titterington, principal analyst at Ovum, said: “With more consumers and devices coming online every day, cybercriminals now have more opportunities than before to deceive users through attack methods like adware, phishing and rogue security software. It’s becoming increasingly difficult for consumers to decipher legitimate communications and promotions given the sophistication of tools criminals are using, so it’s more important than ever to provide information and guidance about these online threats to increase protections and awareness.”