Cybercriminals need less technical expertise to conduct
attacks to
steal credit card numbers and other sensitive information,
thanks to a rising number of
packaged software toolkits that automate most of the technical
work.
Once purchased for only a few hundred dollars, the toolkit can
be installed on a server to begin harvesting data. A software
program produces reports that show attack successes and failures,
how many users are infected and the location of the most lucrative
targets. It also automatically receives exploit updates on new
vulnerabilities that hackers are finding, said Yuval Ben-Itzhak,
chief technology officer of security vendor Finjan.
"Once someone was smart enough to pack this type of primer and
make it as a toolkit as a software package … on the technical side,
the criminals don't need to have any experience," Ben-Itzhak said.
"Now that it's commercialised, you don't need to have this kind of
experience and they're managing to reach more people that are
willing to do this crime."
According to the latest threat report issued by Finjan, the
crimeware toolkit list continued its steady growth in August. The
list includes some standard names, such as MPack, NeoSploit,
IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as
well as new toolkits such as random.js, vipcrypt, makemelaugh and
dycrypt. Finjan identified the toolkit trend in May, and since then
new versions have been helping criminals avoid detection by
traditional signature-based security products, Ben-Itzhak said.
"They're getting almost a daily update," he said. "It's really
very active as hackers update their tools for the criminals, and it
looks like any other professional tool."
Security vendor Finjan has also identified dozens of active
criminals using the toolkits. In July, 58 criminals were detected
using the MPack toolkit to successfully infect over 500,000 unique
users in a single month.
"Sometimes, because these types of criminals are not experts,
they are not even securing their own servers," Ben-Itzhak said.
Among the latest discoveries by Finjan's new SecureBrowsing tool
was the IcePack toolkit, responsible for compromising the Bank of
India Web site. Much like McAfee's SiteAdvisor browser plug-in,
Finjan's SecureBrowsing adds safety ratings to URLs of search
results, but also scans a site for a lurking crimeware toolkit.
In addition to crimeware toolkits, Finjan also identified six
active affiliation programs that pay Web site owners for infecting
their visitors with crimeware. Web site owners use an "iframe"
method to merge content from two different servers so that it
looks like one page to a site visitor. They are using the method to
inject content from a remote site, which downloads Trojans and
crimeware to an end user's machine.
"As long as there is a business there and the site owner will
make money off of it, we expect this technique to continue,"
Ben-Itzhak said. "People are moving forward and improving their
technique, because at the end of the day they will see cash in
their bank."
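For a site owner checking their own pages for the iframe method described above, the following is an added example (not from Finjan or the original article) that lists frames loading from another host and marks the ones that are invisible to the visitor. The sample page, host names and the `audit` helper are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a same-site frame, a visible third-party embed,
# and two invisible third-party frames. All hosts are placeholders.
SAMPLE_PAGE = """
<html><body>
<iframe src="/news/ticker.html" width="300" height="80"></iframe>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="http://ads.example.org/in.php" width="0" height="0" frameborder="0"></iframe>
<iframe src="//cdn.example.org/x" style="visibility:hidden"></iframe>
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)  # width/height of 0 or 1 pixel

class IframeAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs have no hostname: they load from the page's own site.
        # Any other host, subdomains included, is reported for review.
        if not host or host == self.site_host:
            return
        hidden = (
            any(TINY.match(a[d]) for d in ("width", "height") if d in a)
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
            or "hidden" in a
        )
        self.findings.append({"src": a["src"], "host": host,
                              "hidden": hidden, "line": self.getpos()[0]})

def audit(html, site_host):
    """Return every iframe in `html` that loads from a host other than site_host."""
    parser = IframeAuditor(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, "www.example.com"):
        print("SUSPICIOUS" if f["hidden"] else "review", f["line"], f["src"])
```

A visible third-party frame is usually a legitimate embed; an invisible one that nobody on the site team added is the pattern worth investigating.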
August spam increases, but PDF spam declines
The month of August also saw a steady increase in spam, according
to Symantec, which recently released its monthly report on the
topic. The antivirus company said overall spam activity increased
by 3% to just under 70% of all email traffic.
PDF spam, which emerged in June, rose
dramatically in August, accounting for nearly 20% of all spam,
but the PDF images then declined, closing out at less than 1% of
total spam for the month, Symantec said.
"Antispam vendors' success with blocking PDF spam to date
illustrates how the lifespan of new spam attacks correlates with
how much effort is required by spammers in order to circumvent
antispam filters," Symantec said in its report.