Internet Crime on the rise and deadlier than ever

Ted Richardson: Panda Software recently issued its quarterly report, which comes to the frightening conclusion that 70 percent of all malware they detected in the first quarter of 2006 is related to cyber crime. Activity also seems to have hit record numbers!

Here is their summary:

This report confirms the new malware dynamic based on generating financial returns. Spyware, Trojans, bots and dialers were the most frequently detected types of malware between January and March 2006. Trojans accounted for 47 percent of new malware examples during the first quarter of 2006.

Seventy percent of malware detected during the first quarter of 2006 was related to cyber crime and more specifically, to generating financial returns. This is one of the conclusions of the newly published PandaLabs report, which offers a global vision of malware activity over the first three months of the year. Similarly, the report offers a day by day analysis of the most important events in this area.

Since this statistic interested me, I jumped over to the Anti-Phishing Working Group’s page to see what they had to say. Please note that Panda, along with Websense and MarkMonitor share information with the APWG. They confirmed Panda’s report that crime on the Internet seems to be at an all time high [pdf].

Here is a tickler from their report:

The total number of unique phishing reports submitted to APWG in March 2006 was 18,480, the most reports ever recorded. This is a count of unique phishing email reports. March 2006 continues the trend of more phishing attacks and more phishing sites. The IRS phishing attack doubled in volume in March as compared to February (in the USA, the tax filing deadline was April 17 in 2006, as the usual April 15 deadline fell on a weekend this year.)

Two of the most concerning forms of malware being used are Keyloggers and Redirectors. Keyloggers are spyware, which record all the strokes on a computer and transmit them to back to the person (criminal), who secretly placed them on a system. They are normally used to steal financial information to be used in identity theft schemes.

Sadly enough, Keyloggers are legal and easily bought anywhere, including the Internet. They allegedly have legitimate uses like spying on other people?

Perhaps, the FTC should go after some of these vendors like they recently did with the Private Investigators ?

• How to Avoid Phishing Scams
• What To Do If You’ve Given Out Your Personal Financial Information

You can also report activity to the APWG. Activity can also be reported to PIRT, which is a joint venture by Sunbelt Software and CastleCops.

Another resource to report activity is the Internet Crime Complaint Center, which is associated with the FBI. You can report it a lot of places, but it is important to report it. If everyone took the time to report one phishy email a day, it would probably have a significant impact.

This probably wouldn’t be hard to do, I receive a number of phishing attempts every time I open my email. In most cases, it takes less than a minute to send it off to one of the above mentioned resources.

By reporting the activity that we see and taking advantage of the mostly volunteer efforts to fight it, we might make the Internet a safe place for everyone again. As access becomes cheaper and more widespread, the number of potential victims is growing at a record rate.

Continuing to ignore all those “Phishy” e-mails will only encourage the Phishermen to move forward with greater frequency. Additionally, the attacks are becoming more sophisticated and how to kits are being sold on how to do these dirty deeds. This will undoubtedly bring more and more Phishermen to the (already) murky waters of the Internet.

Of course, we can also take the time to educate newer users, also. In fact, awareness protects people more effectively than anything I’ve seen, thus far.

Full Story »