This malware’s especially for you

As the economy worsens, malware authors will increasingly turn to tactics that prey on users financial malaise, according to a report by antivirus firm McAfee Inc.

It’s just one of a number of disturbing trends outlined in McAfee’s 2009 Threat Predicitions report. Among others are increasingly personalized exploits, sophisticated back-end routing and USB autorun threats, according to the report.

David Marcus, security research manager for McAfee’s Avert Labs, said that combining a population concerned about where its next paycheque is coming from and an underground industry that’s all about making money is a recipe for a tactical change in the malware game.

“When people aren’t aware of those two things, they end up clicking things they shouldn’t click,” Marcus said.

It’s old-fashioned social engineering: Economic messages, money-making schemes and the like are resonating with an increasingly worried population.

And phishing exploits are becoming more sophisticated. Attacks in the guise of e-mail messages from banks, for example, are replete with accurate branding, said Maura Drew-Lytle, spokeswoman for the Canadian Bankers Association. Often, clicking on the privacy policy link will lead to the bank’s actual privacy policy page.

“People should use a healthy sense of skepticism,” Drew-Lytle said. “Does it make sense for your bank to e-mail you to confirm personal information? They already have that.”

A bank might telephone a client, for example if there’s a suspicious transaction on the account, and ask a personal question to ensure it’s the right person on the line, Drew Lytle said.

There are other tip-offs. “(Phishing e-mail messages) usually have a sense of urgency. They want you to respond immediately. They generally aren’t personalized,” she said.


But Internet-hosted malware can be very personalized, Marcus said. Cloud-hosted threats are increasing, and with that increase comes an endless variety of threats customized to the user, Marcus said.

Whereas two years ago, attachments were most often the culprit, rigged Web sites with sophisticated back-end management allow malware authors to rebuild binaries with every screen refresh, he said. Exploits are becoming language-, region- and event-specific — for example, football-oriented scams in European countries. This is possible by using browser validation techniques.

“You can tell a lot when you query the IE (Internet Explorer) browser,” Marcus said.

And, according to the report, malicious Web sites can target users browsers like Microsoft Corp.’s Internet Explorer, associated with novice users, but return missing or innocuous pages with a more secure browser like The Mozilla Foundation’s Firefox.

“There’s something to be said for their increasing sophistication,” Marcus said. Several years ago, phishing and other exploit attempts were so poorly written, he wondered how anyone could fall for them at all.

And the old sneakernet threat – once associated with infected floppy disks – is back with a vengeance with the proliferation of USB keys in the enterprise.

“You have a lot of environments…where the use of USB and flash (memory) is unfettered,” he said. Exploits like Downadup and Conficker are designed to replicate themselves and survive. “Autorun viruses are in the Top 5 every day,” Marcus said.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now