December 23, 2008

Criminals Switch To Malware For Online Crimes

In April, many scammers began to see problems with their phishing scams.

Security researchers had spent time studying botnet networks and had become very good at blocking fraudulent emails.

These scammers, also called phishers, known for the way they trick victims into giving up user names and passwords, have homed in on a new way to make money.

Phishers have begun using browser plug-ins or other types of software.  Instead of tricking victims to visit websites, they have started sending emails that come with malicious software.  The software poses as a security update from a bank, and installs code that can steal banking credentials.

According to Mickey Boodaei, CEO of Trusteer, a company that makes desktop security software used by banks, malicious software installs are on the rise among scammers.

"We're seeing a clear shift from phishing attacks," said Boodaei.

Phishers have become more technically sophisticated with their attacks, said Dave Jevans, chairman of the Anti-Phishing Working Group.

"These are not things that just steal your passwords," he added. "These add you to botnets."

Some of the malware used by phishers is pretty nasty says Boodaei. "They're trying to inject HTML pages into sessions with these banks to steal information," he said.

Trusteer introduced a search tool earlier this month that shows banks if their domains are being targeted by scammers.

A majority of the phishing attacks were against banking brands like Lloyds, Citibank, PayPal, and Bank of America.  Lately, phishers have begun to attack smaller institutions, and victims outside the U.S.

"With the European banks, it's been the worst year they've ever had," Jevans said.

Phishers aren't stopping with malware.  They are continually looking for new ways to steal.

According to Jevans, phishers have begun to spoof companies like FedEx and United Parcel Service.  He has also seen scammers try to steal information through domain registrars, allowing them to redirect entire websites to their malicious servers.

Security experts believe that this type of attack gave criminals access to the CheckFree internet domain earlier this month.  The online payments service's website was redirected to another site that installed malicious software.

According to John Scarrow, general manager of safety services at Microsoft, social-networking sites have also been a goldmine for scammers, although the attackers have dropped quickly as websites responded to the problem.

Malware has made phishing more complicated for scammers, but phishers are more than willing to help out other scammers.

For example, one Moroccan hacker, dubbed Mr. Brain, creates free phishing kits for new scammers, although the programs come with a catch.

Amateur criminals who use his programs get phished themselves.  All of the data logged by the programs are automatically sent to Mr. Brain.

The profits are still too good for amateur phishers to pass up. 

According to Sean Brady, senior manager with RSA Security, phishing is easier than ever before for beginners. 

"If I could call it anything, I'd call it a commodity crime," Brady said.


On the Net: