Report: The "Web" Has NEVER Been More Dangerous!

APWG Report: The "Web" Has Never Been More Dangerous

Rogue Anti-Malware Programs, Infected Computers and Crimeware Break New Barriers as Electronic Crime’s Sophistication and Ambition Grows Unchecked



eCrime Congress | Tacoma



LOS ALTOS, Calif. and CAMBRIDGE, Mass.--PIN Payments News Blog--The APWG’s latest Phishing Activity Trends Report illustrates electronic crime’s innovation and apparently unchecked ambition with new records being reached for such felonious instrumentation as rogue anti-virus software, phishing websites and crimeware designed to target financial institutions’ customers.



The APWG H1, 2009 report found that the numbers of detected rogue anti-malware programs, fake security software that actually infects computers to animate assorted electronic crimes, grew 585 percent between January and the end of June 2009.



The number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007’s record of 55,643, and the second-highest recorded since APWG began reporting this measurement.



The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June.

The full report is available here: http://www.antiphishing.org/reports/apwg_report_h1_2009.pdf



APWG Chairman David Jevans said, “The Internet (Editor's Note:  The Internet isn't the problem, it's the WEB, there's a big difference and it's important to make that distinction) has never been more dangerous. In the first half of 2009, phishing escalated to some of the highest levels we've ever seen.  Back to the difference...quickly:

Of even greater concern is the skyrocketing sophistication and proliferation of malicious software designed to steal online passwords and user names.

Editor's Told Ya:  Told Ya!!!  (May 10th)

Online Banking’s Innate Security Flaws June 3rd: 

Editor's Told Ya 2: Don't Say I Didn't Warn You on Dangers of Online Banking!



The Next Question is whether banks will be held liable... Is Logging In with Username/Password "Careless and Negligent?"

New malicious software such as the Zeus trojan, exhibit a level of sophistication that would make the best software programmers envious.” Editor's Note: I think that URLZone would make the Zeus programmer envious!

Indeed, APWG Trends Report correspondents at Panda Labs’ research detected 152,197 different strains of rogue anti-malware in June, 2009, soaring from just 22,218 in January, 2009.   According to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, rogue anti-malware program proliferation “is experiencing an exponential growth.

In the first quarter of 2009 alone, more new strains were created than in all of 2008. The second quarter painted an even bleaker picture, with the emergence of four times as many samples as in all of 2008.

The primary reason for the creation of so many variants is to avoid signature-based detection by legitimate antivirus programs.”  In addition, the number of unique brand-domain pairs (indicative of the general number of unique URLs that occur per domain) rose to an all time high of 21,085 in June, increasing 92 per cent from January’s reported 10,980.



Blake Hayward, Vice President, Product Marketing, MarkMonitor and APWG Trends Report contributing analyst said, “In Q2 we experienced a marked increase in phishing activity with record high brand-domain pairs and a near new high total unique phishing URL’s detected. This increase in phishing activity can be attributed to more fast-flux phishing attacks.”

With this issue of the APWG Trends Report, a new metric has been added, using data contributed by Websense, measuring proliferation of three categories of malevolent software: Crimeware (code designed to victimize financial institutions’ customers); Data Stealing and Generic Trojans (designed to send information from the infected machine, control it, and open backdoors on it); and Other (commonly auto-replicating worms, dialers for telephone charge-back scams, etc.)



According to Dan Hubbard, APWG Trends Report contributing analyst and Websense Chief Technology Officer, “Due to evolution of attack sophistication, it is becoming increasingly difficult to separate and report on attacks that are specifically designed to steal customer banking information.  Additionally, attacks that only look for credentials from popular social networking, web mail, and even gaming sites, can lead to attacks for banking theft and crimeware.”   This metric replaces counts of "Password-Stealing Malicious Code URLs" and "Password Stealing Malicious Code - Unique Applications" which, due to incongruent sources and counting methods became systematically unreliable. (Translation: There are so many avenues used by Hackers to steal our banking information, that they can't keep count.  Therefore,  Our Chances to Defeat Hackers are: SLIM and NONE!...SLIM, being HomeATM's PCI 2.x Certified PIN Entry Device.



Highlights of the H1, 2009 Phishing Activity Trends Report include:



● Unique phishing reports submitted to APWG recorded a high of 37,165 in May, around 7 per cent higher than last year’s high of 34,758 in October.

●The number of unique phishing websites detected in June rose to 49,084, the highest recorded since April, 2007’s record of 55,643.

● The number of banking trojan/password-stealing crimeware infections detected increased during more than 186 percent between Q4, 2008 and Q2, 2009.

● The total number of infected computers rose more than 66 percent between Q4 2008 and the end of the half, 2009 to 11,937,944 – now more than 54 percent of the total sample of scanned computers.

● Payment Services became phishing’s most targeted sector, displacing Financial Services in Q1 & Q2.

The results of the half-year report are of grave concern to the global membership of the APWG and the research centers, treaty organizations, law enforcement agencies, government agencies and industry associations with which the APWG corresponds.



Those members and researchers from around the world will be considering the results of the H1, 2009 report at the eCrime Congress | Tacoma on Oct. 19-21, a three-day event that combines the APWG’s General Members’ Meeting (member-restricted) on the 19th and the eCrime Researchers Summit on the 20th and 21st, (open to the public) a peer-reviewed research conference on electronic crime that the APWG holds annually in conjunctions with the IEEE Standards Association.

The conference agenda is here: http://www.antiphishing.org/events/2009_gm.html

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,300 members. The APWG's Web site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. 

Related articles by Zemanta

• Online Banking Trojans Infesting the Web (pindebit.blogspot.com)


• Consumers Fearful About Online Banking Risks (pindebit.blogspot.com)


• Online Banking's Innate Security Flaws (information-security-resources.com)


• Password, Username Stealing Malware Volume Jumps 400% (pindebit.blogspot.com)


• Clampi strikes again: $350k stolen from Chicago-area school district (pindebit.blogspot.com)


• Game Over! Hackers Win! (pindebit.blogspot.com)