This malware’s especially for you

As the economy worsens, malware authors will increasingly turn to tactics that prey on users financial malaise, according to a report by antivirus firm McAfee Inc.

It’s just one of a number of disturbing trends outlined in McAfee’s 2009 Threat Predicitions report. Among others are increasingly personalized exploits, sophisticated back-end routing and USB autorun threats, according to the report.

David Marcus, security research manager for McAfee’s Avert Labs, said that combining a population concerned about where its next paycheque is coming from and an underground industry that’s all about making money is a recipe for a tactical change in the malware game.

“When people aren’t aware of those two things, they end up clicking things they shouldn’t click,” Marcus said.

It’s old-fashioned social engineering: Economic messages, money-making schemes and the like are resonating with an increasingly worried population.

And phishing exploits are becoming more sophisticated. Attacks in the guise of e-mail messages from banks, for example, are replete with accurate branding, said Maura Drew-Lytle, spokeswoman for the Canadian Bankers Association. Often, clicking on the privacy policy link will lead to the bank’s actual privacy policy page.

“People should use a healthy sense of skepticism,” Drew-Lytle said. “Does it make sense for your bank to e-mail you to confirm personal information? They already have that.”

A bank might telephone a client, for example if there’s a suspicious transaction on the account, and ask a personal question to ensure it’s the right person on the line, Drew Lytle said.

There are other tip-offs. “(Phishing e-mail messages) usually have a sense of urgency. They want you to respond immediately. They generally aren’t personalized,” she said.

READ CBA’s SAFETY TIPS FORPHISHINGANDVISHING

But Internet-hosted malware can be very personalized, Marcus said. Cloud-hosted threats are increasing, and with that increase comes an endless variety of threats customized to the user, Marcus said.

Whereas two years ago, attachments were most often the culprit, rigged Web sites with sophisticated back-end management allow malware authors to rebuild binaries with every screen refresh, he said. Exploits are becoming language-, region- and event-specific — for example, football-oriented scams in European countries. This is possible by using browser validation techniques.

“You can tell a lot when you query the IE (Internet Explorer) browser,” Marcus said.

And, according to the report, malicious Web sites can target users browsers like Microsoft Corp.’s Internet Explorer, associated with novice users, but return missing or innocuous pages with a more secure browser like The Mozilla Foundation’s Firefox.

“There’s something to be said for their increasing sophistication,” Marcus said. Several years ago, phishing and other exploit attempts were so poorly written, he wondered how anyone could fall for them at all.

And the old sneakernet threat – once associated with infected floppy disks – is back with a vengeance with the proliferation of USB keys in the enterprise.

“You have a lot of environments…where the use of USB and flash (memory) is unfettered,” he said. Exploits like Downadup and Conficker are designed to replicate themselves and survive. “Autorun viruses are in the Top 5 every day,” Marcus said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now