Rogue security software programs, also known as misleading applications or scareware, are programs that pretend to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provide the user with little or no protection whatsoever. Well-known examples of rogue security software include AntiVirus 2009, Malware Defender 2009, and System Guard 2009.
The recently published Symantec Report on Rogue Security Software includes a discussion on a number of servers that Symantec observed hosting these misleading applications from July to August 2009....
The prevalence of Web-based applications and the ease with which vulnerabilities in these applications can be exploited have contributed to the widespread nature of Web-based attacks. Attackers can successfully reach and compromise a massive number of targets, and this remains the motivation behind Web-based attacks. Attackers who wish to take advantage of client-side vulnerabilities no longer need to actively compromise or break into specific networks to gain access to those computers. Instead, by attacking websites, attackers can use them as a means to mount client-side attacks.
An attacker can exploit any number of Web application vulnerabilities, such as SQL injection vulnerabilities, to help mount their Web-based attack. Surprisingly, many of these vulnerabilities are not used to directly compromise enterprise data assets or gain access to sensitive information. They are used simply as a way of injecting malicious content into websites as a means of...
Underground economy servers are black market forums used to advertise and traffic stolen information. The information can include government-issued identification numbers such as Social Security numbers, credit card information, bank account credentials, personal identification numbers, email address lists, and email accounts. These servers can also provide services to facilitate these illegal activities, including cashiers who withdraw funds from the stolen accounts, scam page hosting, and job advertisements for roles such as scam developers or phishing partners.
Symantec's Report on the Underground Economy shows that there are a wide variety of goods and services being advertised on underground economy servers, and many of these goods and services form a self-sustaining marketplace. Participants in this fraud can obtain goods by a variety of means; credit card and banking...
The costs of most goods are so much higher than they were 30 years ago. Back then, cars were under $10,000 (I remember this because the Price is Right only had four missing digits in their Lucky Seven game). You could feed a family of four for $10 and even have change left over to buy a 25-cent candy bar. But what can you buy for $10 in 2008? I could buy just under three gallons of gas for my car, which would probably last me a couple of days. I could buy lunch at the local sushi place, but only lunch, since there wouldn't be enough left to buy something to drink. Or, I could buy 10 United States identities.
On underground economy servers, criminals sell a variety of illegal goods and services, including bank account credentials, credit card numbers, and full identities. Typically, these goods are used for identity-theft-related activities. In the...
Volume XIII of the Symantec Internet Security Threat Report shows that, on a global scale, overall malicious activity seems to be relatively static, with the countries listed in the top 20 unchanged from the first half of 2007. It appears that once an attack infrastructure is established in a country, it becomes entrenched and is difficult to remove. Although malicious tools and methods may change, the proportion of malicious activity that originates within a country tends not to change dramatically. And, as was again observed in the second half of 2007, these types of activities continued the trend towards big money, with attackers switching their tactics to more effective profit-generating schemes.
This trend is further highlighted by the distribution of goods and services advertised on underground economy servers. Underground economy servers are...