|
Malware grows 10-fold in 2008 |
|
|
|
| McAfee researcher points to ailing economy as key factor in cybercrime crisis |
| Written by Neil Sutton, on Wed-December-2008 |
Page 1 of 2
 In the past year, the number of malware threats has increased 10-fold, according to one of McAfee’s top security professionals, and the situation is likely to get worse as the global economic crisis deepens.
Dave Marcus, director of security research and communications for
McAfee’s Avert labs, was in Toronto Dec. 9 to deliver the results of
McAfee’s “Virtual Criminology Report.” According to Marcus, Avert
detected about 150,000 pieces of malware in 2007. By mid-December 2008,
that number jumped to more than 1.4 million.
“Every single one of them is financially motivated,” said Marcus.
“Every single one of them is geared towards stealing identity
information or password information or credit card information in such
a way as to make money. It’s not written for fun anymore. Those days
are over.”
Avert’s approach
McAfee's Canada's general manager Ross Allen refers to Avert as the
software company’s “marines,” but there’s so much malware out there
that Avert cannot possibly assign a person to review it all. In the
past few years, McAfee has invested heavily in backend automation so
that the vast majority of malware intercepted by Avert is never seen by
human eyes. More than 90 per cent of it is dealt with by machine,
leaving Avert employees free to manage the most pernicious malware they
encounter.
The massive increase in the amount of malware in the past year is due
to a number of factors, said Marcus — not the least of which is the
financial meltdown of the last half of 2008. Spammers are taking
advantage of bank and financial firm closures, using that information
in emails and phishing schemes to dupe people who are concerned about
their savings or job security.
Cybermules
Another growth area for the malware industry is turning citizens into
criminals by inviting them to participate in money laundering schemes.
Called “cybermuling,” a user is encouraged to set up a bank account
that will accept anonymous inbound financial transactions. The user
sends the money out again to a third party in the form of a money
order, effectively laundering it. In return, he receives a percentage
of the transaction. If the user is caught by the authorities, the
cybercriminal walks away, disavows the association and finds another
willing cybermule.
The scheme is particularly effective on a population that is concerned
about losing their jobs, said Marcus – it’s an easy paycheque in
troubled times.
Cybercriminals have grown in sophistication over the last few years,
said Marcus. Earlier versions of phishing sites were easier to spot.
“What CEO of a bank is going to send me an email with bad English? It
always astounded me that it worked in the first place,” said Marcus.
But spam emails and phishing websites designed to mimic legitimate
banks have taken leaps and bounds in terms of professionalism in the
last two years. No more bad English, and more polished presentation.
“It’s absolutely more important to educate (consumers) now than ever
before.”
|
