Security researchers at software maker MessageLabs contend that malware writers, hackers and other cyber-criminals are combining multiple forms of IT threats in an attempt to amplify their efforts.
In the company’s latest IT security intelligence report, MessageLabs experts who have gone through certified training said that criminals are converging their attacks across multiple communications channels, such as e-mail, instant messaging networks and Web sites, and are also pulling together information-gathering techniques, including spyware, spam and phishing schemes, as they seek new ways to menace businesses and consumers.
As businesses and home users have become increasingly savvy about traditional threats delivered via e-mail attachments, criminals are finding new ways to lure end users to consume their attacks, according to the report. Researchers specifically cited a growth in the number of threats that use spam e-mail messages or IMs to distribute links to Web sites where malware or spyware is secretly downloaded to end users’ computers.
Criminals are also using data garnered from PCs already infected with their botnet virus code to refine their other spam and spyware efforts, said Paul Wood, senior analyst with New York-based MessageLabs. At the end of the day, attackers are using any means they can find to build more detailed profiles of individuals in the name of committing identity theft or other forms of fraud against them, he said.
“As a consequence of businesses more closely watching and filtering e-mail, cyber-criminals are looking for other ways to defeat perimeter defenses and creating much smaller-scale attacks aimed at more targeted audiences,” said Wood. “There are fewer attacks delivered via attachments, but far more phishing-like schemes that lure people to malicious Web sites; the HTTP protocol still isn’t locked down at most businesses.”
A perfect example of the trend toward converged attacks can be found in a newly discovered threat aimed directly at users of eBay’s PayPal online payment site. The attack uses a phishing e-mail in an attempt to persuade PayPal customers to call a phony customer service call center, where an automated voice system asks them to disclose personal information, including their credit card details.
Using other common forms of converged attacks, criminals are creating Web sites that distribute small “dropper” malware files that secretly infiltrate PCs and later deliver larger Trojan viruses. Botnet operators are also becoming more sophisticated, using spyware loaded onto the machines they control to garner personal information that can be used to help target other attacks, MessageLabs said.
“The botnet operators are analyzing behavior and harvesting as much information as they can about each computer, then using that information to target attacks based on the banks or other companies you actually do business with,” Wood said. “The information that is acquired is being used to create very specific attacks, and it is being sold to other criminals.”
MessageLabs said that during the month of June, the ratio of e-mails it tracked that were carrying viruses actually decreased by 0.5 percent, compared with May. However, the company indicated that there has been a noticeable increase in the number of highly targeted Trojan attacks it has charted, specifically those designed to steal intellectual property from businesses, with approximately one such threat arriving per day, compared with one or two per week during the same period in 2005.
The number of phishing attacks discovered by MessageLabs also decreased slightly in June, dropping by 0.12 percent compared with the previous month, but the proportion of all e-mail-borne threats that contained phishing schemes rose to 18.6 percent, compared with only 12.1 percent of all malicious e-mails in May.
The report contends that spammers also continue to become more sophisticated in refining their attacks. MessageLabs said that criminals are turning to new mediums such as mobile text messaging, Web-based instant messaging, blogs and social networking communities such as MySpace.com to bypass e-mail-based anti-spam measures and more effectively target recipients.
The company said that 64.8 percent of all worldwide e-mail traffic consisted of spam in June, representing a 6.9 percent increase over May’s totals.