Malware grows 10-fold in 2008

Dave Marcus, director of security research and communications for
McAfee’s Avert labs, was in Toronto Dec. 9 to deliver the results of
McAfee’s “Virtual Criminology Report.” According to Marcus, Avert
detected about 150,000 pieces of malware in 2007. By mid-December 2008,
that number jumped to more than 1.4 million.

“Every single one of them is financially motivated,” said Marcus.
“Every single one of them is geared towards stealing identity
information or password information or credit card information in such
a way as to make money. It’s not written for fun anymore. Those days
are over.”


Avert’s approach

McAfee’s Canada’s general manager Ross Allen refers to Avert as the
software company’s “marines,” but there’s so much malware out there
that Avert cannot possibly assign a person to review it all. In the
past few years, McAfee has invested heavily in backend automation so
that the vast majority of malware intercepted by Avert is never seen by
human eyes. More than 90 per cent of it is dealt with by machine,
leaving Avert employees free to manage the most pernicious malware they
encounter.

The massive increase in the amount of malware in the past year is due
to a number of factors, said Marcus — not the least of which is the
financial meltdown of the last half of 2008. Spammers are taking
advantage of bank and financial firm closures, using that information
in emails and phishing schemes to dupe people who are concerned about
their savings or job security.

Cybermules

Another growth area for the malware industry is turning citizens into
criminals by inviting them to participate in money laundering schemes.
Called “cybermuling,” a user is encouraged to set up a bank account
that will accept anonymous inbound financial transactions. The user
sends the money out again to a third party in the form of a money
order, effectively laundering it. In return, he receives a percentage
of the transaction. If the user is caught by the authorities, the
cybercriminal walks away, disavows the association and finds another
willing cybermule.

The scheme is particularly effective on a population that is concerned
about losing their jobs, said Marcus ”“ it’s an easy paycheque in
troubled times.

Cybercriminals have grown in sophistication over the last few years,
said Marcus. Earlier versions of phishing sites were easier to spot.

“What CEO of a bank is going to send me an email with bad English? It
always astounded me that it worked in the first place,” said Marcus.

But spam emails and phishing websites designed to mimic legitimate
banks have taken leaps and bounds in terms of professionalism in the
last two years. No more bad English, and more polished presentation.
“It’s absolutely more important to educate (consumers) now than ever
before.”

One of the main reasons that spam and phishing sites are growing
unchecked is that the issue has fallen off the radar for a lot of
countries.

According to McAfee’s Virtual Criminology Report: “Despite the evident
increasing risk to national security, governments are still floundering
at the first hurdle when it comes to cybercrime. They are failing to
view cybersecurity as a priority due to technical ignorance and lack of
foresight of the widespread and longer term risks and are neglecting to
prioritize legislative time and resources to it.”

The report singles out the U.K. government as a key offender, arguing
that more attention was paid to the cybercrime issue in the Tony Blair
administration of the late 90’s than it is today.

There is hope, said Marcus. Spam levels experienced a brief dip, thanks
to the November takedown of the McColo Corp., a California ISP that was
shutdown when security researchers established a link between it and
known cybercriminals. According to reports, global spam decreased 42
per cent the day McColo was shut down.

Since then, global spam levels have begun to creep back up to
pre-November levels. McColo is unusual in that it’s an American outfit
Most illegal spamming operations operate outside North America ”“ the
majority reside in Russia and China. There is a need for more
international co-operation and comprehensive legislation if the
situation is to shown any sustainable improvement, said Marcus.

In the meantime, he said, users should take note arm themselves with a
reliable anti-malware tool and be aware that Internet schemes are too
good to be true.