Adware, fake antivirus scareware and phishing on social networking sites such as Facebook and MySpace became more prevalent from July to December 2010.
Botnets continue to be the backbone of cyber-crime, with
four of the top 10 threats in 2010 getting regular instructions from malicious
command-and-control servers, Microsoft said in a recent report. Phishing on
social networks also became more prevalent in 2010.
While the Taterf, Rimecud, Conficker and Renos worms continued
to wreak havoc on user systems, attacks based on rogue security software,
phishing scams on social networking sites and adware increased significantly, according
to Microsoft's latest version of the Security Intelligence Report released May
12. In SIR volume 10, Microsoft researchers examined security trends based on
data collected from more than 600 million systems worldwide between July and
December of 2010.
There is a "polarization" of criminal behavior, the report
found. There are two types of cyber-criminals, with one group going after large
targets with sophisticated tools and the other camp relying on more
"accessible" methods such as social engineering and other "marketing like"
tricks or launching attacks based on toolkits and other exploits. The more
skilled group looks for large payoffs while the less sophisticated attackers were
interested in stealing small amounts from a large number of people, the report
found.
One of the reasons Microsoft puts out this report is to
provide "actionable guidance" along with an overview of malware trends, Jeff
Williams, principal group program manager with the Microsoft Malware Protection
Center, told eWEEK.
Phishing attacks on social networking platforms that trick
users into giving up sensitive information or clicking on malicious links have
skyrocketed 1,200 percent. Phishing on social networking sites accounted for
84.5 percent of all phishing attacks in December, compared with a mere 8.3
percent at the beginning of 2010.
Phishing attacks take advantage of the user's tendency to
trust content they think is from their friends. The criminals also get a
higher return on investment targeting social networks because a handful of
sites represent the majority of the users, Williams said. Phishing attempts are
still concentrated on financial targets, which see between 78 and 91 percent of
all phishing attacks each month.
Adware surprisingly increased 70 percent globally during the
second half of 2010, according to the report. In previous versions of the
report, adware had been declining, according to Williams. The increase was
caused by two new adware "families," including ClickPotato, which displays
pop-up and notification-style advertisements based on the user's browsing
habits, and Pornpop, with adult content pop-under ads.
Pornpop appeared for the first time in the fourth quarter of
2010 and is one of the fastest spreading, according to Williams. Although ClickPotato
had been around for a while, it hadn't been much of a threat. But in the second
half of 2010, these two families were the two biggest sources of malware and
accounted for nearly 25 percent of all the infections, Williams said.
Rogue scareware, such as fake antivirus and other security
software, has emerged as one of the most common methods to swindle money out of
victims. The five largest software families accounted for 70 percent of the
detections, according to Williams. FakeSpypro was the most commonly detected
fake software up until the third quarter of 2010, when it practically disappeared.
Then FakePAV emerged around the same time and became the most commonly detected
scareware in the fourth quarter.
It was possible the FakeSpypro gang had decided to switch
tactics to work on FakePAV, Williams said.
Java exploits broke into the list of top 10 threat families
for the first time, with two different JRE exploits accounting for 9 percent of
infections.
The report highlighted some positive trends, including the
continued decline in vulnerability disclosures, which dropped 16.5 percent from
2009 to 2010. The drop was probably the result of "better development practices
and quality control" throughout the industry as well as better technology
advancements in Windows 7, Williams said.
In the previous report, four of the top 10 threats used the
AutoRun worm, but the technological improvements in Windows 7 had pushed down
AutoRun malware as a threat, Williams said.
Spam dropped from more than 90 billion unwanted messages
blocked per month at the beginning of the reporting period to below 60 billion
in December, according to the report.
Organizations should protect their systems by actively updating
their networks and implementing strong information security policies to ensure all
systems are properly patched and updated before getting on the network, Williams
said.