Phishing is an attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking (spoofing) a specific, usually well-known brand, typically for financial gain. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.
During the second half of 2007, the majority of brands targeted by phishing attacks were in the financial services sector, accounting for 80 percent. This is virtually unchanged from the 79 percent reported in the first half of 2007. The financial services sector also accounted for the highest volume of phishing Web sites during this period, at 66 percent, down slightly from 72 percent in the first half of 2007. Since most phishing activity pursues financial gain, successful attacks using brands in this sector are most likely to yield profitable data, such...
In late May 2007, the MPack attack kit was first observed in the wild. This kit relied on compromised Web pages to redirect users to an MPack server that attempted to exploit Web browser and plug-in vulnerabilities in order to install malicious code on computers. MPack experienced great success because it took advantage of the trust many users place in certain Web sites. Since the Web browser is the primary gateway to the Internet for most users, Web pages that they visit frequently, such as online forums and other Internet communities, give attackers a useful means of compromising computers.
Because of the success of kits like MPack and Ice-Pack, it seems that malicious code authors have begun to incorporate similar features in the threats they create. In the current period, seven percent of the volume of the top 50 malicious...
With the launch of volume XIII of the Symantec Internet Security Threat Report (ISTR), I’d like to discuss some of the highlights we’ve seen in vulnerability trends for the last six months of 2007.
Zero-days in regional applications
During the last six months of 2007, Symantec observed a trend towards zero-day vulnerabilities that target applications in China and Japan. Of the nine zero-day vulnerabilities tracked during this period, seven affected popular Japanese and Chinese applications, such as JustSystem Ichitaro, Lhaz, GlobalLink, SSReader Ultra Star Reader, and Xunlei Web Thunder. This is a change from previous periods, where we saw attackers concentrate on vulnerabilities in Microsoft Office. It will be interesting to see if attackers continue to focus on region-specific applications. So far this year, we’ve already seen a zero-day attack targeting the Lianzong game platform. However, we’ve also seen a zero-day targeting Microsoft Excel.
Volume XIII of the Symantec Internet Security Threat Report shows that, on a global scale, overall malicious activity seems to be relatively static, with the countries listed in the top 20 unchanged from the first half of 2007. It appears that once an attack infrastructure is established in a country, it becomes entrenched and is difficult to remove. Although malicious tools and methods may change, the proportion of malicious activity that originates within a country tends not to change dramatically. And, as was again observed in the second half of 2007, these types of activities continued the trend towards big money, with attackers switching their tactics to more effective profit-generating schemes.
This trend is further highlighted by the distribution of goods and services advertised on underground economy servers. Underground economy servers are...