According to Luis Corrons, Technical Director of PandaLabs, "maybe one of the reasons of this increase is the economic crisis along with the big business that selling this information on the black market, such as credit card numbers, Paypal or Ebay accounts, etc. We have also seen an increase of the distribution and infection of this kind of malware through social networks."
Just as an example, PandaLabs receives over 35,000 samples of new viruses, worms, Trojans and other types of Internet threats every day on average. Of these, 71% are Trojans, mostly aimed at stealing bank details or credit card numbers as well as passwords for other commercial services. Between January and July 2009 we received 11 million new threats, some 8 million of which were Trojans. This is in clear contrast, for example, to the average of 51% of new Trojans that we received at PandaLabs in 2007.
Hackers have also been busy exploring new channels for propagating threats as well as new sources of revenue. With malware samples, which previously targeted -almost exclusively- users' online banking information by getting them to enter their user name and password in a spoof bank website, potential victims are now taken to any platform or online site in which their bank details may be stored or where they might have to enter them.
Such is the case with the increase in targeted attacks on pay platforms (such as Paypal) and other services where users often save their payment details, including popular online stores (such as Amazon), online auctions (e.g. eBay), or even NGO portals where they make charitable donations.
Similarly, whereas email was practically the only channel used in the past for contacting victims, many other methods are now being used:
- Message distribution across social networks with fake URLs, such as Twitter or Facebook - Cloning of Web pages to make them appear among the first results in searches by keywords in popular search engines. - SMS messages to cell phones. - Infecting computers with spyware which displays alarming messages and takes users to fake websites (e.g. fake antivirus programs)
Messages that use social engineering are often the final touch to lure users into taking the bait.
Once they have obtained credit card or bank details, they have two possible options: either using them to make purchases which victims will be unaware of until they receive their bank statement; or selling the details on the black market (often fetching around 3 euros a time).
How can users avoid falling victim?
We estimate that around 3% of all users have been victims of this techniques. The problem with these types of threats, unlike traditional viruses of the past, is that they are designed to go undetected, and therefore users do not realize they have become victims until it is too late.
Yet there is a series of basic prevention measures: