Identity-Theft Malware Flourishes During Economic Downturn, According to PandaLabs

August 20, 2009

GLENDALE, Calif., Aug. 20 /PRNewswire/ — Panda Security, the Cloud Security Company, today announced that PandaLabs, the company’s laboratory for detecting and analyzing malware, has discovered that the number of users affected by malware designed for identity theft has increased 600 percent this year compared to the same time in 2008. Most of these variants are Trojans, with many incidents of phishing, worms, and spyware.

PandaLabs receives nearly 37,000 samples of new viruses, worms, Trojans and other types of Internet threats each day. Of these, 71 percent are Trojans, mostly aimed at stealing bank details or credit card numbers, as well as passwords for other commercial services. Between January and July 2009, PandaLabs received 11 million new threats, approximately 8 million of which were Trojans. This is in clear contrast, for example, to the average of 51 percent of new Trojans that PandaLabs received in 2007. For a graphical representation of the increase in malware by month, please click here: http://www.flickr.com/photos/panda_security/3837426110/

According to Luis Corrons, Technical Director of PandaLabs, “One of the possible reasons for this increase is the economic crisis. This in conjunction with organizations that have made a business out of selling personal information on the black market, such as credit card numbers, PayPal or eBay accounts is what we can attribute the rise to. We have also seen an increase of the distribution and infection of this kind of malware through social networks.”

Hackers have also been busy exploring new channels for propagating threats and new sources of revenue. With malware samples, which previously almost exclusively targeted users’ online banking information by getting them to enter their user name and password in a spoof bank website, potential victims are now taken to any platform or online site in which their bank details may be stored or where they might have to enter them. This is the case with the increase in targeted attacks on pay platforms (such as PayPal) and other services where users often save their payment details, including popular online stores (such as Amazon), online auctions (such as eBay), or even NGO portals where they make charitable donations.

Similarly, whereas email was one of the only channels used in the past for contacting victims, many other methods are now being used:

  • Distribution across social networks with fake URLs, such as Twitter or Facebook
  • Cloning of Web pages to make them appear among the first results in searches by keywords in popular search engines
  • SMS messages to cell phones
  • Infecting computers with spyware which displays alarming messages and takes users to fake websites (e.g. fake antivirus programs)

Messages that use social engineering are often the final touch to lure users into taking the bait.

Once cybercriminals have obtained credit card or bank details, they have two possible options: use them to make purchases which victims will be unaware of until they receive their bank statement; or sell the details on the black market (often fetching approximately $4 per ID).

PandaLabs estimates that approximately three percent of all users have fallen victim to these techniques. The problem with these types of threats, unlike traditional viruses of the past, is that they are designed to go undetected, and therefore users do not realize they have become victims until it is too late. To avoid falling victim to identity theft, visit Panda’s helpful tips online at http://www.pandalabs.com.

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com.

SOURCE Panda Security

Source: newswire

comments powered by Disqus