Posted by Trend Micro Incorporated (TSE: 4704) 18.104.22.168 July 07, 2008 at 15:48:22:
NebuAd looks to 'spyware' firm for recruits. 'Typical of the Valley' posted by Cade Metz 22.214.171.124 June 21, 2008 at 02:48:21:
Original text: In Silicon Valley, the world's tech capital, the job market is tight, with sales people and engineers in short supply. So what's an ambitious startup like NebuAd to do? One option: ..
Trend Micro Incorporated (TSE: 4704), a global leader in Internet content security, reported today that cybercriminals are not only leveraging new technologies to propagate cybercrime, but are also reinventing forms of social engineering to cleverly ensnare both consumers and businesses, according to the "Trend Micro Threat Roundup and Forecast 1H 2008" report. As a result, the last six months saw an upswing in Web threats, but steady decreases in adware and spyware that are generated by outdated technical methods and can no longer compete with high-level security solutions.
Recently, a new form of phishing warned potential victims about phishing emails as a way to legitimize that email and then tricked them into clicking on a link that leads to a fraudulent site. Spammers are also recycling old techniques. In February, Trend Micro investigated a voice phishing (aka "vishing") attempt. The message appeared convincing, with all links leading to corresponding, legitimate target pages, but included a phony number for recipients to call to reactivate their account, which had been supposedly "placed on hold." Upon calling the phone number, users were asked for their bank card number and PIN, unwittingly opening their bank accounts to the phishers.
"This is a good example of how cybercriminals are evolving with the times -- they're moving away from threats that use old or waning technologies; instead, focusing on the lucrative threats that bring a bigger payload," said Raimund Genes, chief technology officer of Trend Micro.
Other notable findings from the report:
-- With skill comes precision. Cybercriminals are increasingly targeting more affluent users, such as C-level executives who represent a small number of wealthy, high-level individuals in positions of power to gain access to larger bank accounts, login credentials, or even email addresses that span an entire organization.
-- Spam volumes decreased briefly at the beginning of 2008 -- perhaps a post-holiday break for spammers. Volume spiked in March with a small slip in April. Whenever drops in spam activity occur, Trend Micro researchers interpret this as a sign that spammers are either regrouping to launch a new attack or testing new techniques.
-- Bots (compromised PCs) spiked from over 1,500,000 in January to over 3,500,000 in February. This was then followed by a dramatic drop in March.
According to research and observations of attacks that have occurred since the beginning of this year, Trend Micro researchers predict the following trends over the next six months:
-- Cybercriminals will continue to target newly discovered vulnerabilities in "third-party" software applications, such as QuickTime, RealPlayer, Adobe Flash, etc.
-- Crimeware that relies on technical methods that are becoming obsolete, such as dialers and keyloggers, will continue to slowly decline in number. Grayware such as trackware and browser hijackers will also slowly fall off in number as they cannot scale well in an era of million-member botnets.
-- Spam volume will continue to rise exponentially with average daily spam volumes predicted to increase by 30- to 50- billion messages per day. Spam and phishing will rise in August to correspond with back-to-school activities and the Olympics. A seasonal spike is also expected in November to correspond with the holidays, with spam forecasted to reach 170 to 180 billion messages per day.
-- As is occurring now, both spam and phishing will continue to play a part in blended threats. About 0.2 percent-one out of every 500 Web requests-are sent to Web sites hosted on infected PCs, and this trend is expected to continue.
-- Bots and botnets will continue to play an important part in the threat chain for spamming, information stealing, targeted attacks and large-scale attack campaigns.