Nearly as many unique
malware threats have been created in the first half of 2008 as
in the whole of last year, according to researchers at McAfee's
Avert labs.
McAfee has detected almost 250,000 new threats so far this year.
It attributes the growth in activity to the availability of
point-and-click tools that allow people without technical skills to
quickly create multiple variants of new malware such as trojans and
bots.
Since mid-February, hackers have been focusing on "surf-by"
attacks. Here, hackers add
iframes to
legitimate sites that covertly download malware to users browsing
the site. Criminals have begun offering to pay others to carry out
attacks, said Toralv Dirro, security strategist at McAfee Avert
Labs.
Malware developers are also tapping into small payment services
for mobile phones by fraudulently signing users up for downloads.
"Taking just a small amount - 10 euros - from thousands of users
will net a significant income," says Dirro. "We are also seeing an
increasing number of attacks on 'virtual value' in online gaming
environments."
In general, malware developers are moving away from attacking
primary targets such as such as banks that have well protected
sites. Instead, they are using secondary targets such as social
networking sites, as a precursor to "spear phishing": faking
e-mails using details picked up from social networking sites so
that they convincingly appear to be from people in the victim's
social network.
Dirro says McAfee is seeing a rise in malware targeted at Vista,
but has yet to see an expected rise in threats exploiting
vulnerabilities in IM and VoIP, despite extensive discussion of the
potential for malware in these environments in the security
community.