Underground economy servers fuel identity scams, Symantec report says

COMMENT ON THIS ARTICLE

Identity thieves are offering a person’s credit-card number, date of birth and other sensitive information for as little as US$14 over the Internet, said a new report on online threats released Monday.

The data is sold on so-called “underground economy servers,” used by criminal organizations to hawk information they’ve captured through hacking, Symantec Corp. said in its Internet Security Threat Report, which tracked online trends from June to December 2006. The information can then be used for identity scams such as opening a bank account in a false name.

“U.S.-based credit cards with a card verification number were available for between US$1 to $6, while an identity — including a U.S. bank account, credit card, date of birth and government-issued identification number — was available for between $14 to $18,” the report said.

Some 51 percent of the servers hosting the information were in the U.S., in part because the growth in broadband Internet access in the U.S. has created new opportunities for criminals, Symantec said. About 86 percent of the credit and debit card numbers available on those servers were issued by U.S. banks, it said. One way that criminals have gained access to computers is by exploiting zero-day vulnerabilities, or software flaws that are being exploited as soon as they are revealed and before a patch has been released. Symantec documented 12 zero-day vulnerabilities in the period from June to December 2006. Only one was found in its two prior six-month reporting periods, the company said.

Hackers have exploited some of those vulnerabilities by creating malicious documents in Microsoft Office and other software, said Ollie Whitehouse, a security architect at Symantec.

A malicious Word or Excel document, when attached to a spam e-mail, has a greater chance of being opened by someone since it may appear legitimate and be targeted at an employee of a specific company.

While security software programs will often block executable programs attached to e-mail, common Office documents are allowed to go through, Whitehouse said.

“A business isn’t going to say ‘We will no longer accept Office documents received via email,'” Whitehouse said. “I think productivity would go through the floor at that point. Unfortunately, this is where the security requirement and the business requirement do really clash.”

A video posted on Symantec’s blog, shows a sophisticated attack where a malicious document is opened that puts a harmful executable onto the system and then opens a regular Word document. The attack is almost invisible to the user, apart from a flicker on the screen before the Word document opens.

“Office documents — PowerPoint presentations, Excel spreadsheets — and graphics like JPEGs aren’t necessarily considered malicious file formats, so the user is more inclined to open them,” Whitehouse said.

COMMENT ON THIS ARTICLE

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now