The Symantec Report on Rogue Security Software includes an in-depth analysis of the methods scammers use to distribute rogue security applications. This blog presents some of the highlights of the research into the distribution of these scams.
In the report, the following distribution and advertising trends were observed:
• Ninety-three percent of the top 50 most prevalent rogue security applications were distributed as intentional downloads. This means that victims are tricked into believing they are downloading legitimate security software and subsequently installing the rogue application.
• Seventy-six percent of the top 50 most prevalent rogue security applications were classified as unintentional downloads. This means that the software may be installed unintentionally through drive-by downloads or...
The newly released Symantec Report on the Underground Economy discusses a number of topics, including the supply and demand of goods and services that were advertised for sale in the underground economy. This information was gathered by monitoring various IRC channels devoted to the commerce of these good and services. In particular, I’d like to highlight some of the things we observed in analyzing the trade in malicious tools.
One of the things we observed is that the underground economy is self-sufficient. What this means is that the tools necessary to produce goods and services are also available for sale in the underground economy. This indicates that the market has matured enough that productivity gains can occur through the division of labor; i.e., the economy makes it viable for individuals to increasingly specialize in the tasks they excel at. This is where...
With the launch of volume XIII of the Symantec Internet Security Threat Report (ISTR), I’d like to discuss some of the highlights we’ve seen in vulnerability trends for the last six months of 2007.
Zero-days in regional applications
During the last six months of 2007, Symantec observed a trend towards zero-day vulnerabilities that target applications in China and Japan. Of the nine zero-day vulnerabilities tracked during this period, seven affected popular Japanese and Chinese applications, such as JustSystem Ichitaro, Lhaz, GlobalLink, SSReader Ultra Star Reader, and Xunlei Web Thunder. This is a change from previous periods, where we saw attackers concentrate on vulnerabilities in Microsoft Office. It will be interesting to see if attackers continue to focus on region-specific applications. So far this year, we’ve already seen a zero-day attack targeting the Lianzong game platform. However, we’ve also seen a zero-day targeting Microsoft Excel.
