Malware going retro in 2013, security firm finds

Old tricks attract attention of cyber bandits in the first quarter, McAfee finds

Malware perpetrators turned to their old tricks in the first quarter of this year, a threat report released Monday by the cybersecurity firm McAfee finds.

The report noted malicious trends that had gathered steam over the last three quarters of 2012 declined during the quarter ending in March, including:

  • Android malware samples captured during the time frame jumped 40 percent -- 10 percent lower than the previous quarter.
  • Malicious URLs increased 12 percent, but nearly 40 points less than in the last quarter of 2012.
  • Growth in malware aimed at PCs slipped, too, to 28 percent, compared to 38 percent in the previous quarter.
  • Password stealers, ransomware, fake anti-virus software and rootkits all showed flat growth rates during the period.

"These particular trends, however, do not mean that cyberspace is becoming safer," McAfee said.

"On the contrary," the report said. "When combined with other trends observed in the first quarter, it would appear that the cybercriminal community is becoming smarter and more disciplined as it develops a preference for more targeted attacks aimed at specific communities or geographies."

However, online predators reverted to old schemes to target unsuspecting online users. For example, so-called "pump and dump" scams were popular.

"We saw an enormous amount of it around 2007," Adam Wosotowsky, a messaging data architect for McAfee, told CSO. "Then for a while, nothing was going on with it."

"This last quarter it came on with a significant volume," he said.

Such schemes typically involve penny stocks. Scammers try to inflate the price of a stock by using spam emails to encourage naive investors to buy it. When those investors drive the price high enough, the scammers sell their holdings and the stock price drops like a rock.

"A lot of times, you'll see the scammers buy it back up when it hits rock bottom and do it all over again," Wosotowsky added.

Pump-and-dump scams are pushed through traditional spam and, unlike many modern spammers, their perpetrators aren't interested in infecting their targets. "They don't have malicious links and they don't have malicious payloads," said Bogdan Botezatu, a senior threat analyst with Bitdefender.

Another blast from the past was Koobface, a worm aimed at Facebook users. The malware had been practically dormant over the last year but in the first quarter, Koobface samples tripled over the previous quarter.

"The cybercriminal community obviously believes that social media users constitute a very target-rich environment of potential victims," McAfee said.

Old tricks may have caught the fancy of digital desperadoes during the quarter, but they had some new ideas, too. Samples of Citadel that expanded that Trojan's powers also appeared.

The malware was originally designed to steal currency from very specific banks. Recent strains, though, were modified to extract personal information from a target, as well.

A trend that didn't abate during the quarter is the movement of botnet managers toward industrial espionage. "They used to be content bottom feeding on suckers," Wosotowsky said.

"Although ransomware is still a big thing," he said, "there seems to be a movement toward industrial espionage and establishing advanced persistent threats."

User-friendly botnet software is contributing to that trend. "Years ago, malware had to be crafted by someone who knew what they were doing," Wosotowsky said. "Now anyone can get a kit that makes setting up a botnet a plug-and-play experience."

Copyright © 2013 IDG Communications, Inc.