In today's Web 2.0 world, information sharing, online shopping and remote working are just a few examples of the many benefits the Internet and Web 2.0 technologies offer us. Blogs and social networks such as Facebook, Twitter and MySpace are becoming increasingly popular, with individual users and enterprises blogging, tweeting and uploading content on a daily basis. But where users go, cyber-criminals are quick to follow. Do-it-yourself crimeware toolkits that incorporate multiple vulnerability exploits lower the entry barrier for cyber-criminals, making it harder for users to keep up with adequate Web security.
Cyber-criminals are constantly looking for new opportunities and more efficient ways to spread their data-stealing malware or scareware to generate illicit earnings-duping users into purchasing fake software such as antivirus is a popular method. Cyber-criminals know how to capitalize on the latest consumer interest on social networks and news Websites. They capitalize on consumer interest over natural disasters, celebrity doings and other major news (such as President Obama's election and Michael Jackson's death). By using crimeware to booby-trap Web pages with these keywords on popular news sites, social sites and fan pages, cyber-criminals reach millions of potential victims.
It has been estimated that Web pages are infected with malware every 4.5 seconds, putting users' computers as well as corporate computers at risk. According to the Anti-Phishing Working Group (APWG), the number of sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December 2008. This is an 827 percent increase from January 1 of that same year. Furthermore, one in five online consumers in the United States have fallen victim to cyber-crime in the last two years.
Cyber-criminals maximize their profits by turning unsuspecting users that visit infected Websites into business assets. The victims' computers are stealthily infected with malicious code designed to steal data and take control of user machines. In a common scenario, the victims' compromised PCs become part of a botnet. This means that their infected machine can be traded again and again on a botnet trading platform, adding more "masters" that have control over their machines-without their knowledge.