Microsoft has documented a steady rise in the number of attacks targeting social networks in 2010, fueled by a variety of phishing and social engineering tactics that attempt to steal account credentials from unsuspecting victims.
The Microsoft Security Intelligence Report, volume 10, was issued Thursday and draws from data pulled from Microsoft’s customer base as well as partners and Internet service providers. The report found a steady increase in social engineering attacks and an influx of rogue security software, designed to trick users into installing phony antivirus programs containing keyloggers, backdoors and other nasty malware.
“We see many attacks targeting the username and passwords of social networking users,” said Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center (MMPC) in a conference call with reporters. “These are passwords that they might be using for other sites, such as financial sites.”
Williams said email providers, social networks and other online communities have made blocking spam, phishing and other email threats a top priority, but that is not stopping attackers from stepping up their barrage of attacks. Stolen passwords and credentials can be turned into cash on the black market. The recent Verizon Data Breach Investigations Report found the value of stolen credit card data falling, while the value of stolen account credentials is significantly increasing.
Microsoft said it found evidence of phishers shifting from financial sites to social networks to steal account credentials. Phishing impressions from social networks (an impression is a single instance of a user attempting to visit a known phishing site) increased from a low of 8.3% of all impressions in January 2010 to a high of 84.5% of impressions in December.
“The final four months of the year showed signs of a strong and sustained phishing campaign or campaigns against social networks,” Williams said.
Social networks routinely give phishing attacks a high number of impressions because consumers place more trust in a site while they are using a social network. The rise in social networking attacks may also be attributed to the increased popularity of sites like Facebook and Twitter.
In addition, attackers are continuing a barrage of phishing attacks on gaming sites and financial websites. While phishing is a relatively unsophisticated attack, cybercriminals have successfully used it in a number of high-profile data breaches. Spear phishing, a more targeted form of phishing, was used to gain a point of entry in the recent RSA SecurID breach, as well as the Google Aurora attacks in 2010.
Gaming sites see sporadic increases throughout the year because they offer criminals an opportunity to monetize stolen data in a variety of different ways, according to Williams. Impressions that targeted gaming sites reached a high of 16.7% of all impressions in June 2010, before dropping to a more typical 2.1% in December.
Rogue security software
Rogue security software, or scareware, is designed to look like legitimate software. Once it is installed on a victim’s machine, it often generates false alerts and tricks users into buying more software or services to remove the phony threats it claims to detect.
FakeSpyPro was the most commonly detected rogue security software in 2010. The scareware can mimic a number of different security programs, including ones from Microsoft, McAfee and Barracuda Networks. Different distributions of the Trojan can be downloaded from a number of websites and make different system modifications, depending on the variant. FakeSpyPro grew to nearly two million infected machines in 2010 before dropping to about 900,000 infections by the end of the year.
A report on rogue security software by Symantec documented more than 250 distinct rogue security software packages in the wild. In 2009, Symantec said it received reports of 43 million installation attempts. Experts say computer security awareness training programs offer the best way to defend against infections. Web filtering technologies, offered by many endpoint security vendors, can also detect instances of rogue programs.