CA Technologies warns on the rise of 'crimeware-as-a-service'

Source: CA Technologies

Nearly two billion people today use the Internet to conduct business, communicate with family and friends, stay in touch with current events and entertain themselves - and in doing so, expose themselves to an extensive and growing number of malware threats.

CA Technologies (NASDAQ: CA) has released its State of the Internet 2010: A Report on the Ever-Changing Threat Landscape to provide an in-depth look at the most prevalent threat activity in the first half of 2010 including the emergence of organized "Crimeware-as-a-Service" that is fueling the rapid development of sophisticated new threats. The State of the Internet 2010 white paper provides industry insights based on the extensive catalog of received and processed infections reported by CA Technologies' Internet security customers and partners around the world in the first half of 2010.

In the new report from CA Technologies Internet Security team, researchers identify more than 400 new families of threats--led by rogue security software, downloaders and backdoors. Trojans were found to be the most prevalent category of new threats, accounting for 73 percent of total threat infections reported around the world. Importantly, 96 percent of Trojans found were components of an emerging underground trend towards organized cybercrime, or "Crimeware-as-a-Service."

"Crimeware isn't new, but the extent to which a services model has now been adopted is amazing," said Don DeBolt, director of threat research, Internet Security, CA Technologies. "This new method of malware distribution makes it more challenging to identify and remediate. Fortunately, security professionals and developers are diligent about staying one step ahead of these cyber criminals."

The most notable threats and trends of 2010 to date include:

• Rogue or Fake Security Software: Also known as "scareware" or Fake AV, the first half of 2010 saw this category of malware continue its dominance. Google became the preferred target for distribution of rogue security software through Blackhat SEO, which manipulates search results to favor links to infected website domains. Rogue security software displays bogus alerts following installation and will coerce users to pay for the fake product/service. An interesting trend observed recently is the prevalence of rogue security software cloning, whereby the software employs a template that constructs its product name based on the infected system's Windows operating system version, further enhancing its perceived legitimacy.

• Crimeware: 96 percent of Trojans detected in H1 2010 function as a component of a larger underground market-based mechanism which CA Technologies Internet Security has termed "Crimeware-as-a-Service." Crimeware essentially automates cybercrime by collecting and harvesting valuable information through a large-scale malware infection that generates multiple revenue streams for the criminals. It is an on-demand and Internet-enabled service that highlights cloud computing as a new delivery model. This crimeware is primarily designed to target data and identity theft in order to access users' online banking services, shopping transactions, and other Internet services.

• Cloud-Based Delivery: Research revealed cybercriminals' growing reliance on using cloud-based web services and applications to distribute their software. Specifically, cybercriminals are using web and Internet applications (e.g. Google Apps), social media platforms (e.g. Facebook, YouTube, Flickr, and Wordpress), online productivity suites (Apple iWorks, Google Docs, and Microsoft Office Live), and real-time mobile web services (e.g. Twitter, Google Maps, and RSS Readers). For example, recent malicious spam campaigns are posing as email notifications targeting Twitter and YouTube users, luring targets to click on malicious links or visit compromised websites. The Facebook ecosystem has been an attractive platform for abusive activity including cyberbullying, stalking, identity theft, phishing, scams, hoaxes and annoying marketing scams.

• Social Media as the Latest Crimeware Market: CA Technologies recently observed viral activities and abusive applications in popular social media services such as Twitter and Facebook - the result of a strong marketing campaign in the underground market. CA Technologies Internet Security has observed a black market evolving to develop and sell tools such as social networking bots. Underground marketers promote new social networking applications and services that include account checkers, wall posters, wall likers, wall commenters, fan inviters, and friend adders. These new crimeware-as-a-service capabilities became evident as observed from the latest Facebook viral attacks and abusive applications that are now being widely reported.

• Spamming Through Instant Messaging (SPIM): One new vector used to target Internet users is SPIM, a form of spam that arrives through instant messaging. CA Technologies Internet Security observed an active proliferation of unsolicited chat messages on Skype.

• Email Spam Trends: When examining email spam trends, the Internet Security team tracked the usage of unique IP addresses in an effort to determine the source of the most prevalent spam bot regions. Based upon its observation, the EU regions ranked as the number one source of spam, recording 31 percent, followed by 28 percent in Asia Pacific and Japan (APJ), 21 percent in India (IN), and 18 percent in the United States (US).

• Mac OS X Threats: Attackers' interest in Mac OS X remains. During the first half of 2010, the ISBU witnessed Mac-related security threats including traffic redirection, the Mac OS X ransomware 'blocker' and the notable spyware 'OpinionSpy'.

CA researchers continue to urge all users to be security-aware when accessing information via the Internet and have provided the following security tips to help ensure safe computing, including:

1. Do NOT open email from people you don't know. Think twice and verify before clicking a URL or opening an attachment.
2. Implement a strong password that you can remember.
3. When conducting online banking or financial transactions, make sure your browser connection is secure.
4. Encrypt online communication and confidential data.
5. Back up your important data. Keep a copy of all your files and store them separately.
6. Be cautious about instant messaging. Avoid chatting with people you don't know.
7. Protect your identity while enjoying online social networking activities. Be wary of clicking links or suspicious profiles. Be aware when installing extras such as third party applications; they may lead to malware infection, or attackers could use them to steal your identity.
8. If you are using Adobe PDF Reader, prevent your default browser from automatically opening PDF documents.
9. Check for and install security updates regularly.

The CA Technologies 2010 State of Internet Security report is intended to inform consumers and businesses of the newest and most dangerous online threats, forecast trends and provide practical advice for protection. The analysis provided is based on incident information from the CA Technologies Global Security Advisor team, submitted by the company's Internet security customers and consumers, as well as publicly available information. For access to the full report and additional tips, please

The CA Technologies Global Security Advisor Team delivers around-the-clock, dependable security expertise and has offered trusted security advice to the world for more than 16 years. Providing a complete threat management resource, the team is staffed by industry-leading researchers and skilled support professionals. It offers free security alerts, RSS feeds, PC scans and a regular blog updated by the worldwide team of researchers. In March 2008, CA Technologies and HCL America announced a partnership agreement. As part of this agreement, HCL provides research, support and product development for CA Technologies' entire portfolio of threat-related products for home, small and medium businesses, and enterprises.
