Adware, fake antivirus scareware and phishing on social networking sites such as Facebook and MySpace became more prevalent from July to December 2010.
Botnets continue to be the backbone of cyber-crime, with
four of the top 10 threats in 2010 getting regular instructions from malicious
command-and-control-servers, Microsoft said in a recent report. Phishing on
social networks also became more prevalent in 2010.
While the Taterf, Rimecud
, Conficker and Renos worms continued
to wreak havoc on user systems, attacks based on rogue security software,
phishing scams on social networking sites and adware increased significantly, according
to Microsoft's latest version of the Security Intelligence Report
12. In SIR volume 10, Microsoft researchers examined security trends based on
data collected from more than 600 million systems worldwide between July and
December of 2010.
There is a "polarization" of criminal behavior, the report
found. There are two types of cyber-criminals, with one group going after large
targets with sophisticated tools and the other camp relying on more
"accessible" methods such as social engineering and other "marketing like"
tricks or launching attacks based on toolkits and other exploits. The more
skilled group looks for large payoffs while the less sophisticated attacks were
interested in stealing small amounts from a large number of people, the report
One of the reasons Microsoft puts out this report is to
provide "actionable guidance" along with an overview of malware trends, Jeff
Williams, principal group program manager with the Microsoft Malware Protection
, told eWEEK.
Phishing attacks on social networking platforms that trick
users into giving up sensitive information or clicking on malicious links have
sky-rocketed 1,200 percent. Phishing on social networking sites accounted for
84.5 percent of all phishing attacks in December, compared with a mere 8.3
percent at the beginning of 2010.
Phishing attacks take advantage of the user's tendency to
trust content they think is from their friends. The criminals also get a
higher return on investment targeting social networks because a handful of
sites represent the majority of the users, Williams said. Phishing attempts are
still concentrated on financial targets, which see between 78 and 91 percent of
all phishing attacks each month.
Adware surprisingly increased 70 percent globally during the
second half of 2010, according to the report. In previous versions of the
report, adware had been declining, according to Williams. The increase was
caused by two new adware "families," including ClickPotato, which displays
pop-up and notification-style advertisements based on the user's browsing
habits, and Pornpop, with adult content pop-under ads.
Pornpop appeared for the first time in the fourth quarter of
2010 and is one of the fastest spreading, according to Williams. Although ClickPotato
had been around for awhile, it hadn't been much of a threat. But in the second
half of 2010, these two families were the two biggest sources of malware and
accounted for nearly 25 percent of all the infections, Williams said.
, such as fake antivirus and other security
software, has emerged as one of the most common methods to swindle money out of
victims. The five largest software families accounted for 70 percent of the
detections, according to Williams. FakeSpypro was the most commonly detected
fake software up until third quarter 2010, when it practically disappeared.
Then FakePAV emerged around the same time and became the most commonly detected
scareware in the fourth quarter.
It was possible the FakeSpypro gang had decided to switch
tactics to work on FakePAV, Williams said.
Java exploits broke into the list of top 10 threat families
for the first time, with two different JRE exploits accounting for 9 percent of
The report highlighted some positive trends, including the
continued decline in vulnerability disclosures, which dropped 16.5 percent from
2009 to 2010. The drop was probably the result of "better development practices
and quality control" throughout the industry as well as better technology
advancements in Windows 7, Williams said.
In the previous report, four of the top 10 threats used the
AutoRun worm, but the technological improvements in Windows 7 had pushed down
Autorun malware as a threat, Williams said.
Spam dropped from more than 90 billion unwanted messages
blocked per month at the beginning of the reporting period to below 60 billion
in December, according to the report.
Organizations should protect its systems by actively updating
its network and implementing strong information security policies to ensure all
systems are properly patched and updated before getting on the network, Williams