Cyber Crime 2.0
Thursday, December 20, 2007; 1:00 PM
The year 2007 may go down in the annals of Internet crime as the year when organized cyber criminals finally got serious about their marketing strategies -- crafting cyber schemes that were significantly more sophisticated and stealthy.
Security experts say criminals are increasingly trying to ensnare Internet users by lurking on familiar Web sites and using purloined data to craft scam e-mails that are more believable, and thus more likely to entice an unsuspecting user.
"The attackers are now following the same path that businesses have, in trying to advertise themselves in their own special way on the more popular Web sites," said Tom Liston, an incident handler at the Bethesda, Md.-based SANS Internet Storm Center and a senior security consultant with Intelguardians, a Washington-based Internet security consulting group. "They're doing exactly what every business tries to do, which is to find innovative ways get themselves out in front of as many eyeballs as possible."
With more computer users than ever guarding their systems with anti-virus, firewall and other security software, Internet criminals have concentrated their efforts on tricking users into opening "backdoors" into their own systems. Most often this means convincing users to view malicious video or audio content on a Web site that takes advantage of security holes in the user's Web browser or media player, flaws which in turn give criminals the access they need to install software to control the user's machine remotely.
In wave after successful wave of attacks throughout 2007, virus writers found ways to stitch malicious videos and images into trusted, high-traffic sites like MySpace.com and YouTube.com. In several incidents, intruders slipped poisoned images into online banner advertisement networks used by a number of major Web sites, including Photobucket.com and social-networking site Bebo.com.
Attackers also excelled this year at timing attacks with holidays or major events. The day before Superbowl XLI, for example, hackers infiltrated the Web site for Dolphins Stadium, which hosted the big game. Visitors who surfed the site without the latest Web browser software security updates had spyware quietly installed onto their PCs.
On "Cyber Monday," the day following Thanksgiving weekend that is typically one of the largest online shopping days of the year, researchers at Clearwater, Fla.-based security firm Sunbelt Software discovered that more than 40,000 Web sites had been created and populated with fake search terms for the sole purpose of increasing their page ranking when Google users searched for any of the words listed in the bogus pages -- words that included a number of popular holiday gadget gifts. All of the sites tried to silently install invasive programs on any visitor's machine.
Sunbelt Chief Executive Alex Eckelberry said Google responded quickly by removing all of the offending sites from its directory, but he believes the perpetrators of that attack will strike again soon.
"I think these guys will keep trying to cheat Google," Eckelberry said. "It was amazing to see these results coming up so high in the Google search terms. We really have our work cut out for us as malware researchers next year."
Dan Hubbard, senior director of security and technology at Websense, a San Diego-based Web filtering software firm, worries that in 2008 cyber crooks will begin purchasing ads and keywords on search engines to increase their exposure and lure greater numbers of Web surfers to malicious sites.
The Spam Storm
When it comes to malware marketing savvy and timing, few cyber crime operations of 2007 can hold a candle to the individual or group behind the "Storm worm." The e-mail borne Trojan horse program earned the moniker after its debut in January; the worm came disguised as videos with footage of the destruction wrought by violent storms that were lashing the coast of Europe at the time.
Millions of curious e-mail users fell for the ruse, infecting their computers with programs that gave the Storm author(s) full control to use them to send even more spam and infect more computers. And with each passing week, messages containing the Storm worm featured updated lures frequently coinciding with a holiday or another big news event.