Actu
APWG Report Finds Desktops Besieged By Record Numbers of Crimeware-Spreading Websites and Rogue Anti-Malware Programs
March 2009 by Marc Jacob
The APWG, the
global independent coalition combating electronic crime, reported today
that rates of crimeware-spreading sites and rogue anti-malware programs
used for a number of electronic crimes exploded at year’s end,
indicating that electronic crime gangs are investing deeply in automated
systems to steal personal and enterprise data.
The 2^nd Half/2008 /APWG Phishing Activity Trends Report/ released today
reveals that the number of crimeware-spreading sites infecting PCs with
password-stealing crimeware reached an all time high of 31,173 websites
in December. This represents an 827 percent increase from January of
2008.
Further, the report found, rogue anti-malware programs increased 225
percent from 2,850 in July to 9,287 in December. (Rogue Anti-Malware
Programs are fake anti-malware products that can be used for automated
phishing, extortion or, most commonly up until recently, the fraudulent
sale of a worthless purported anti-malware product.)
APWG Chairman, Dave Jevans said, "While phishing attacks continued
against consumers, we saw that cyber criminals really focused new
efforts on spreading malicious software, Trojans and crimeware. In
particular, criminals are attempting to install software onto consumer’s
computers in order to steal their passwords and login credentials to
online sites. Consumers must be wary not only of fake emails purporting
to be from banks, but also beware of fake security software from unknown
vendors and, more than ever, websites programmed to infect their PCs."
Other highlights in the 2^nd Half/2008 /APWG Phishing Activity Trends
Report/’s include:
? Unique phishing reports submitted to APWG recorded a yearly high of
34,758 in October
? Unique phishing websites detected by APWG during the second half of
2008 saw a constant increase from July with October having the high for
the half at 27,739
? The number of unique keyloggers and crimeware-oriented malicious
applications rose to an all-time high in July, reaching 1,519
? The 2^nd Half high of 269 targeted brands in November is just 8.5
percent lower than in May’s all-time high of 294
? The number of phishing attacks against payment services increased more
than 34 percent between Q3 and Q4
Addressing the consistently high number of brands being targeted by
electronic crime gangs, Blake Hayward, Vice President, Product
Marketing, MarkMonitor and contributing analyst to the /Phishing
Activity Trends Report/ said, "The continued rise in targeted brands
suggests that phishers are scaling their operations to conduct
multi-brand attacks."
Websense Chief Technology Officer and APWG Research Fellow/ /Dan
Hubbard said that the major uptick of malicious code URLs was mostly due
to some large attacks that were using huge amounts of random websites
for phishing campaigns that were spoofing classmates’ websites.
Discussing the surge in rogue anti-malware programs, Luis Corrons, Panda Labs’ Technical Director and the newest /APWG Phishing Activity Trends Report /contributing analyst said, “Rogue anti-malware applications are not something new. They have been around for a few years. But it was not until mid-2008 when
cybercriminals realized that this form of attack was a great way to obtain fresh money from users.”
