Controlling the crime

The organisers of a major Indian cybercrime conference have called for the creation of a global monitoring agency, as well as international standards for electronic crime laws.

More on this brilliant initiative can be found on India's Central Bureau of Investigation's Web site.

Although little needs to be said about the prevalence of online crime, here are a few stats that made headlines this week.

Symantec has released it latest Internet Security Threat Report, and the results are not pretty, according to Search Security.

There has been a tremendous upsurge in the selling of crime kits. These kits take the technical work out of setting up and distributing malware, which basically means anyone can easily exploit a smorgasbord of malicious activity.

Symantec released its threat report on Monday. It covers the threat landscape over the six-month period between 1 January and 30 June 2007.

Some standard names for these kits include MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit.

Zulfikar Ramzan, a senior principal researcher at Symantec, said the kits are being sold for as much as $1 000 on the black market.

There has been a tremendous upsurge in the selling of crime kits.

Ilva Pieterse, ITWeb contributor

Malware is getting smarter, says IBM.

The company has reported an increase in malware sophistication as part of its security statistics report for the first half of the year, according to PC World.

According to IBM, the "exploits as a service" industry continues to thrive, with the new practice of "exploit leasing" added to the repertoire of criminals. By leasing an exploit, attackers can now test exploitation techniques with a smaller initial investment, making this underground market an even more attractive option for malicious perpetrators.

According to the report, Trojans (seemingly legitimate files that are actually malware) are the most common form of malware this year, accounting for 28% of all malware.

"The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks," said Kris Lamb, director of X-Force. "This directly correlates to the rise in popularity of Trojans we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks."

But it's not all bad. German police have arrested an international Trojan horse gang for computer-related financial crimes, according to Security Focus.

The suspects allegedly used a Trojan horse program to infect victims' machines and log their bank activity, racking up hundred of thousands of euros in profits. The suspects were residents of Hamburg, Duesseldorf, Cologne, Frankfurt and Elmshorn.

Mobile viruses are not yet quite in the cybercriminal's radar and are mostly the work of amateurs, reports VNUnet.

"We believe mobile viruses are still created mainly by hobbyists," said Kimmo Alkio, chief executive at F-Secure. "Criminal attacks are a tiny proportion of mobile virus attacks."

Alkio believes there are two principal reasons for this. Firstly, the number of smartphones capable of holding information that could be used for financial gain is still relatively small compared to the overall user base of mobile phones.

Secondly, there is no monoculture of operating systems in the mobile sphere. European phones are largely Symbian-based while US smartphones predominantly use Windows Mobile.