Monday, September 27, 2010

Spam with a Malicious Twist

The increase of junk mail, or spam, in people's inboxes may have more sinister roots.

This is according to Fred Mitchell, Symantec business unit manager at Drive Control Corporation (DCC).

His theory as to why spam is increasing is that malware authors want to entice users into clicking on links that install some form of malicious code onto a machine. This compromises the machine's security and makes it vulnerable to attacks, leaving personal information such as credit card details open to abuse.

“In the past, malware was simply created by people looking for fame or notoriety, but in today's world, malware has become a very profitable industry backed by a strong business model,” says Mitchell.

“The distribution of malware has evolved from exploiting weaknesses on the server side, which has reduced due to better security, to attacking the client side and using classic social engineering.”

When opening a junk e-mail, such as one labelled 'Your SARS tax refund', for example, a user merely needs to visit the infected Web site, click on an infected link, or open an infected e-mail attachment for infection to take place, he explains.

“The distribution model is known as pay-per-install, and the way that this million-dollar industry works is very simple,” Mitchell says. The model is based on revenue sharing and commission – “much like the pyramid schemes that proliferated in the 90s”.

Authors of the malware may not have the resources to distribute on a large scale, but instead may act as kingpins in the scheme, broadcasting the malicious software through a network of affiliates who get paid for every successful install on a victim's computer, he says.

Kingpins are paid to send spam, distribute scareware products, or steal credit card details and other credentials from or through infected machines, Mitchell explains.

While security vendors try to keep up with the changing nature of malware, authors are at the same time continuously changing the threats in order to avoid detection.

“As soon as one threat is detected, the author simply creates another new one,” says Mitchell.

No application is safe, he warns.

File-sharing networks such as BitTorrent, search engine keywords, e-mails or links on blogs and messaging forums with tempting content, and social networks are being used to entice users to click on a link or invite all their friends to play an online game, which then infects the machine.

“It is simply not enough to rely on security software,” says Mitchell. “People need to be aware and arm themselves with knowledge of how these malicious tools are distributed so they can avoid falling victim to them.”

IT Web
