Cisco Systems Inc. presented its first-ever Cybercrime Showcase awards as part of its 2009 Annual Security Report, released Tuesday.
Zeus: the most audacious criminal operation
Designed for information stealing and specializing in online banking fraud, Zeus is a shrink-wrapped piece of malware that any criminal is able to buy, explained Henry Stern, senior security researcher at Cisco. Some vendors are selling it as a service for about $700 a month, he said.
“We’ve decided it was the most audacious because of how prominent and just how active people have been with selling this software. There are a large number of gangs that are all using the same piece of software,” he said.
The top five U.S. banks have each been targeted by over 500 Zeus botnets, according to Cisco, which also estimates 1.6 million bots in Zeus botnets.
Zeus has also targeted 1,130 brands, noted Scott Olechowski, security research manager at Cisco, during a Webcast discussing the results of Cisco’s 40-page report. Custom screen injection code, which requests additional authentication information from users, has been written for these sites, he said.
Koobface: the most notable criminal innovation
Koobface is a piece of malware that takes over a user’s social networking account, explained Stern. “As soon as you get infected, it will send messages to all of your friends and it will try to lure them into becoming infected as well,” he said.
People are more vulnerable to Koobface than previous lures mimicking e-mails from organizations or strangers because the messages seem to come from friends they already trust, he explained. “The click-through rates are quite high,” he said.
The messages contain links sending users to Web pages resembling YouTube or other social networking sites. “It looks like you are at the actual site but it claims that your Web browser is broken and you need to install an update and it does it in a way that users are accustomed to seeing, which makes it successful,” said Stern.
“They are masters of social engineering,” he said.
Koobface spells Facebook backwards, but its attacks include Twitter, MySpace and Google Reader, Stern pointed out. One of the reasons Koobface won the innovation award is that it has infected all the major social networking sites, he said.
“They’ve attacked everything … with the same technique and they’ve monetized on it in the same way that many other criminal organizations have been doing by selling fake anti-virus software that claims you are infected when you are really not,” said Stern.