Vulnerabilities / Threats
8/19/2009
07:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Identity Theft Malware Surges 600%

Hard times appear to be one reason for the explosion of malicious software designed to steal sensitive personal and financial information.

The indictment of Albert Gonzales of Miami, Fla., for allegedly hacking into corporate computers and stealing more than 130 million credit and debit cards may not have much impact on the identity theft underground.

In the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs, part of computer security company Panda Security. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year.

Luis Corrons, technical director of PandaLabs, speculates that the global economic downturn and the thriving black market for credit and debit card numbers and online account information is driving the creation of so much identity stealing malware. He also notes that the distribution of identity-theft malware through social networks and services like Facebook and Twitter is on the rise.

Panda reports receiving more than 35,000 new malware samples -- viruses, worms, Trojans and the like -- every day. Trojan software designed to steal bank details, credit/debit card numbers, or online account login names and passwords represents 71% of this total. That's up from 51% in 2007.

Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

The methods used to propagate identity theft malware have also become more diverse. Whereas e-mail used to be the primary medium for malware distribution, social sites have become a major attack vector, along with infected Web pages, SMS messages containing Web links, and spyware that attempts to convince users to pay for fake antivirus programs.

Acting U.S. Attorney Ralph J. Marra, Jr. said the indictment of Gonzales shows that law enforcement can track down even the most sophisticated global hacking conspiracies. Whether law enforcement can keep up with growth of the identity theft industry remains to be seen.

InformationWeek Analytics has published an independent analysis on data-loss prevention. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio