The recent absence of high-profile malware attacks and their corresponding alerts does not mean the Internet has suddenly become safer. Rather, it marks a change in the overall threat landscape, according to Trend Micro. High-profile malware attacks have changed course as targeted attacks begin to replace mass email attacks, Trend Micro said.
Trend Micro said from arbitrary mass emails to countless recipients, malware is shifting towards targeted Trojan attacks. "In the past, most malware writers were young people whose motivation was often simply to achieve a certain level of recognition, something to brag about to their friends," said Jeffrey Aboud, Threat Response Manager at Trend Micro. "Considering the motivation, the more computers that were infected, the more recognition they would receive. However, in 2005, we noticed a gradual shift from recognition toward financial gain as the primary motivation, and a shift from young people trying to make a name for themselves to ‘professional’ criminals attempting to steal information for money. Instead of infecting millions of computers, these hackers are targeting smaller groups of computers in order to avoid attracting attention, and to avoid being caught."
Micro Trend said in 2005 the attacks have been more and more targeted. These security threats target a specific company or its users, or a specific group of users with certain shared characteristics rather than arbitrarily spamming millions of email users. Hackers are now sending specially designed Trojans to targets via email in hopes of snaring unsuspecting users, and a slower distribution strategy allows new malware to exist for a longer period of time before detection. This way, hackers are able to collect more private information before the Trojans are detected and removed.
According to Micro Trend Internet Phishing has shifted from the wide net method towards Spear-Phishing to snare specific targets. "From random-distribution, mass-mailing worms and other viruses, we are seeing a reversal, towards the latest ‘Spear-Phishing’ threats," said Jamz Yaneza, Senior Security Threat Analyst at Trend Micro. "Recent attacks attempt to infiltrate their targets through a number of different channels. The most common method is spoofing the sender’s address to lure users into lowering their guard."
Spear-Phishing is a new kind of fraud aimed at specific targets and employs Trojans to steal specific data from pre-defined sites. The Trojans embed themselves in a user’s system and wait until the user logs into a specified site, then collect data and transmit it back to a third party. In contrast, mass-mailing worms are released and spread arbitrarily while the hacker monitors their progress from behind the scenes.
"The biggest difference between specific-target attacks and large-scale attacks is the preparation that takes place before the attack is launched," explained Yaneza.
Another mode of attack that Trend Micro has detected is that hackers target small groups of victims, who do not all use English. For example, the Chinese-language TSPY_FOLIN.AP Trojan disguises itself as a popular instant messaging program in China called QQ, and offers a free stylish QQ account name, but comes bundled with spyware.
"If you run an attachment to an email that purports to be 'From the Nigerian Government,' the TSPY_PERFLOG.L Trojan will implant two spyware programs and a key logger. TROJ_SMALL.SY loads itself into a user’s system when the user visits a certain malicious website, then automatically links to another site to download spyware," said Yaneza. "Among recently discovered Trojan attacks, those that do not themselves contain spyware often link to another website to download spyware programs, and because they are aimed at small groups of targets, the vast majority of users will be completely unaware of their existence."
With spyware attacks becoming more malicious and dangerous, it has become very important to regularly updae anti-spyware programs and anivirus products. Also, users must remain cautious of opening attachments or clicking links in emails before confirming their source.
|
