ISTR X – Malicious code and phishing
In March 1999, an email worm named Melissa caused havoc across the Internet. I can recall hearing stories of people unplugging their mail servers because they couldn’t deal with the flood of email messages Melissa generated. Then, in 2001, two worms—Code Red and Nimda—generated so much traffic that some people disconnected their networks from the Internet in order to cope. In January 2003, the Slammer worm caused so much traffic that it even took down banks’ ATMs. Even though these worms all caused a lot of headaches and created headlines worldwide, with the exception of Nimda, none of them really did much other than spread.
Since Slammer, I can’t recall any other worms causing so much traffic that they’ve affected bandwidth across the Internet. Why is this? Well, I would say there are a few reasons. First and foremost, I think this change can be summed up in one word: money.
As we reported in the latest edition of the Symantec Internet Security Threat Report, we’re observing a shift away from noisy worms toward targeted Trojans. Worms that generate a lot of traffic get noticed quickly and make headlines. This means that user awareness of these threats is almost immediate, so users can take action to protect themselves. Thirty-eight of the top 50 threats between January and June 2006 were worms (as reported by Symantec customers). Meanwhile, a Trojan targeted at a small group of users won’t be noticed as quickly, so it has a chance to do its job before users can take steps to protect themselves.
But, what is a targeted Trojan’s job? Usually it’s to steal information. Credit card numbers, online banking passwords, and even passwords for online games are targets. The longer these threats remain unnoticed, the more information they can steal—meaning more profit for their creators. Criminals have seen that they can make money online, so they are taking full advantage.
Malicious code isn’t the only field where criminals have focused their attention. Phishing continues to be a major online threat. The number of unique phishing messages detected by the Symantec probe network in the first half of 2006 increased by 81% over the last half of 2005. This means that phishers are creating more targeted messages and making messages with minor variations to bypass more basic email filtering techniques.
The most heavily phished industry in the first half of this year was the financial services industry. Financial services targets made up 84% of phishing attempts recorded by the Symantec Phish Report Network. This isn’t very surprising when you consider the quick monetary gain that can be made by criminals in a successful attack. The financial services industry includes banks, credit card companies, and online payment companies. A successful attack on one of these means that the attackers will end up with your credit card information, online banking password, or other information that can be used to steal your money.
So, just because you can spot the latest mass mailing worms in your Inbox easily and your firewall protects you against worms that exploit vulnerabilities, don’t assume you’re safe. Targeted attacks are much more difficult to spot and they’re made to look like messages and files you’d normally be expecting to receive.