The last six months saw an increase in password stealing, as malware levels dropped
Predictions of an increase in attacks on social networks by password-stealing Trojans this year have been confirmed.
In McAfee's 2010 Threat Predictions, it anticipated that attacks on social networks by password-stealing Trojans and other malware would increase in 2010, and during the current quarter it has seen several examples of that prediction in action. The most prominent of this is the Zeus family, which it usually observes as PWS-Zbot and Spy-Agent.bw, and is the pre-eminent password-stealing Trojan malware, according to its threat report for the first quarter of 2010.
The report said: “Zeus is just one of the key tools of cyber criminals, who often tie password stealers with other types of illegal online material. In this quarter we saw all kind of goodies being installed with Zeus. And whom do you imagine was the prime target for these attacks? Facebook users.”
The most common attack sees an attacker launch a large scam campaign, using a fake password-reset message to get their victims' attention, in most of the cases. The attached document will usually contain a variant of the Bredolab or Pushdo Trojan, which works as an installer for the Zeus family and requires no user interaction.
The report said: “Facebook users suffered not only from Zeus and fake security attacks but also from new variants of the W32/Koobface worm. In March, more than 150 websites were discovered hosting malicious files in the folder .sys, which is hidden on Unix systems.”
It also claimed that the Zeus family was the cause of one of the biggest increases it had seen in malicious URLs and websites, given its ease of use for and prevalence among cyber criminals.
The report said: “We have seen distinct shifts during the quarter to truly malicious servers using automated domain registration practices and fast flux IPs. Once we find one Zeus machine it is easy to find dozens more. One Zeus command server we identified yielded another 160 malicious domains carrying on everything from social networking and media sharing infections to IRS and other credential phishing.”
Despite these attacks, McAfee also found that spam volumes remained relatively unchanged between the fourth quarter of 2009 and the current quarter, increasing only about five per cent. Between January and March, spam traffic averaged approximately 139 billion messages per day, or 89 per cent of all email traffic. In the prior quarter spam accounted for 133 billion email messages per day.
Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said: “Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates. Previously emerging trends, such as AutoRun malware, are now at the forefront. We were also surprised to find some of geographic difference in spam related topics, such as the volume of diploma spam coming out of China.”