| Page 3 of 3 < |
Cyber Crime 2.0
|
TOOLBOX
   Resize
COMMENT
 Discussion Policy
 CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.
Who's Blogging  |
Not all authors of phishing scams are after financial data. Some of this year's most insidious phishing attacks targeted companies that hold huge repositories of professional contact information, data that can be recycled and resold for use in future phishing attacks. In mid-August, Monster.com said phishers gained access to the names, e-mail addresses and resumes of more than 1.6 million job seekers. Many of those Monster.com users subsequently received targeted malware attacks via e-mail that addressed them by name and claimed to come from Monster.com.
In November, software-as-a-service giant Salesforce.com acknowledged that phishers had made off with the contact information of its customers. Scammers later used that information to send personalized malware-laden e-mails to more than 40,000 customers of SunTrust bank, among several other financial institutions.
Dean Turner, director at Symantec Security Response, said he expects that phishers soon will begin turning their attention to spoofing the Web sites and e-mail communications of political candidates as the 2008 presidential election cycle swings into high gear.
In the 2004 presidential race, online criminals spoofed the fundraising page of Sen. John Edwards. In a separate string of incidents, credit card thieves made thousands of tiny 5-cent donations at Democratic presidential hopeful John Kerry's site to test whether stolen cards were still active.
"The opportunity for fraud is pretty rampant with [political fundraising] sites, and I think we can expect to see more scams and frauds taking advantage of that," Turner said.
Mac Attacks
Several security experts said they expect to see malware authors pursuing Mac and iPhone users in 2008, in part because of the growing popularity of the Apple product line makes it a potentially more attractive and lucrative target. In a survey published this month by research firm ChangeWave, 29 percent of consumers polled said they planned to buy a Mac over the next 90 days. Apple currently holds about seven percent of the U.S. consumer computer market, according to research firm IDC.
In September, security experts warned that a new piece of malware which previously only targeted Windows users had been redesigned to infect Mac systems as well. Disguised as a "video codec" supposedly needed to view copy-protected online media, "Trojan.DNSChanger" silently alters the computer's settings in such a way that if the victim types "www.paypal.com," the attackers could route the victim to a fake PayPal Web site set up to steal their personal and financial data.
Researchers from Sunbelt Software and anti-virus maker McAfee have tracked multiple Web site attacks that employed the Trojan, which is thought to be written by the same group behind the "Zlob" Trojan, one of 2007 most prolific families of malicious software.
"The interesting thing is that this DNSChanger for Mac was produced by people who really know how to write malware," said Dave Marcus, security research and communications manager for McAfee AVERT Labs. "This takes us to a level of professionalization that we haven't yet seen in the Mac world."
