News archive about antivirus software, virus threats, trojans
April 2006
Phishing at record levels in March -- Posted by Igor_Donchenko on Friday, April 28 2006
The monthly report for March by the Anti-Phishing Working Group shows that phishing activity remains at very high levels. The number of attacks has for the first time in history passed the 18,000 mark and reached an all-time high of 18480 registered unique phishing reports. Overall the number of attacks so far this year has not gone below 17,000, which in itself is higher than the number of attacks in any given month in 2005.
The number of unique phishing websites found by APWG has also risen to 9666, but did not reach the record level of 9715 phishing clone sites set in January. An interesting fact here is that the number of unique phishing sites has grown nearly two-fold from an average of 4,000 in 2005, but the number of attacks has not risen as dramatically to about 17,000 from 14,000. This might indicate that phishing sites are being closed down faster and phishers do not get the opportunity to use their clone sites for long, thus needing more and more sites to keep the number of attacks at the same level.
Another interesting aspect of the March report is that the number of brands used by phishers as their cover has decreased significantly, going from 105 in February to just 70. The financial sector remains the largest targeted industry group by far with 90% of the share. The USA also remains the largest single hoster for phishing sites with 35% of sites based there. China consolidates its second spot ahead of South Korea, but its share drops significantly from 18% in February to “just” 12%, while France drops out of the top 10 altogether.
Phishers also readily pounced on the browser vulnerabilities that were reported in March. They exploited the widely publicised “zero-day” vulnerability in Microsoft Internet Explorer by luring users to infected sites that contained all sorts of malware ready for surreptitious downloading. One of the more creative attacks involved sending victims a link to a BBC look-alike page that contained an exploit for the then-unpatched createTextRange vulnerability in Internet Explorer.
Another new type of phishing attack was recently reported by security firm Cloudmark, which claims that VoIP technology is now used by phishers. In this new type of attack scammers send an email that contains a telephone number accessible via a VoIP service. The victim is then connected to a line that sounds like their telephone banking service and is prompted to verify personal details. So far Cloudmark has discovered two attacks that use this scheme.
Source: http://www.viruslist.com
Sudoku game installs spyware on computers -- Posted by Igor_Donchenko on Tuesday, April 11 2006
04/04/06 - Several web pages, mainly with pornographic or illegal content, are downloading spyware programs onto the computers of visitors to the sites without their consent. These web pages are designed to exploit different software vulnerabilities in order to install malware automatically on systems.
One of these programs is particularly dangerous due to its enticing bait: a sudoku puzzle. The application in fact operates perfectly, allowing users to play the game. However, without users knowing, every time the application is opened, it downloads YazzleSudoku, a type of spyware, onto the computer.
Once YazzleSudoku is installed on a computer, it creates several Windows registry entries in order to ensure it remains active. Similarly, it generates a series of files that it needs to operate, with names such as RL_SudokuInstaller.rar.lnk, or Yazzle Sudoku. Then, from time to time, YazzleSudoku displays advertising messages on screen.
It is important to note that when starting to play the game, users are warned that spyware will be installed. If the user agrees, the spyware will be installed on the computer. However, if users do not agree, they will not be able to use the sudoku program.
According to Luis Corrons, director of PandaLabs: "Spyware is, without a doubt, one of the major threats to users. This type of malware clearly conforms to the current objective of malware creators: earning money. Nevertheless, as the effects of spyware are not particularly obvious and do not appear to be dangerous, many users do not treat spyware with the respect it deserves. This however is a mistake, as spyware does not just slow down systems and cause errors, it also intrudes upon the privacy of users who should not consent to its installation."
Source: http://www.pandasoftware.com