Vulnerabilities / Threats
8/19/2009
07:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Identity Theft Malware Surges 600%

Hard times appear to be one reason for the explosion of malicious software designed to steal sensitive personal and financial information.

The indictment of Albert Gonzales of Miami, Fla., for allegedly hacking into corporate computers and stealing more than 130 million credit and debit cards may not have much impact on the identity theft underground.

In the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs, part of computer security company Panda Security. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year.

Luis Corrons, technical director of PandaLabs, speculates that the global economic downturn and the thriving black market for credit and debit card numbers and online account information is driving the creation of so much identity stealing malware. He also notes that the distribution of identity-theft malware through social networks and services like Facebook and Twitter is on the rise.

Panda reports receiving more than 35,000 new malware samples -- viruses, worms, Trojans and the like -- every day. Trojan software designed to steal bank details, credit/debit card numbers, or online account login names and passwords represents 71% of this total. That's up from 51% in 2007.

Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

The methods used to propagate identity theft malware have also become more diverse. Whereas e-mail used to be the primary medium for malware distribution, social sites have become a major attack vector, along with infected Web pages, SMS messages containing Web links, and spyware that attempts to convince users to pay for fake antivirus programs.

Acting U.S. Attorney Ralph J. Marra, Jr. said the indictment of Gonzales shows that law enforcement can track down even the most sophisticated global hacking conspiracies. Whether law enforcement can keep up with growth of the identity theft industry remains to be seen.

InformationWeek Analytics has published an independent analysis on data-loss prevention. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.