Rogue anti-virus products are a huge parallel business for the cyber crime industry. Many malware developers find it easier to install their fake programs than to steal from the user's computer.
So said Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team, during an interview at the company's recent Virus Analyst Summit, held in Cyprus. “It is financially rewarding, highly successful, and extremely difficult to prove that they are actually doing something illegal.”
He said these sorts of programs continue to develop and have flooded the Internet over the past year, adding that their authors are getting increasingly clever. “They use a variety of techniques to trick users, such as copying the interfaces of genuine security solutions, down to the finest detail.”
Another major security threat comes from malware strains composed of HTML code or scripts that are then placed on legitimate Web sites. Raiu said the two main channels through which these threats grow are drive-by downloads and the Internet.
The aim of these, he said, is to redirect users to malicious Web sites that contain exploits. Raiu added that cyber criminals lure users to infected pages by sending out links to sites that apparently contain information they know will be of interest to the reader, such as goods or services.
He cited Gumblar as an example of this technique. “Gumblar is a botnet that infects Web servers and infected Web site visitors for the purposes of installing malware on PCs, which redirects user Google searches to fraudulent Web sites. This threat has been extremely successful.”
According to Raiu, the number of legitimate Web sites that get infected with malware has grown exponentially over the past few years. “Sites with large pools of potential victims are attractive targets to cyber criminals. This sees a lot of high-profile, high-traffic Web sites becoming infected.”
Another means by which cyber criminals exploit users is the zero-day vulnerability, said Raiu. He explained that these are vulnerabilities that are unknown to others or undisclosed to the software developer.
Cyber criminals are able to exploit zero-day vulnerabilities through several different attack vectors, he said. Integral to these types of attacks is that the exploits are used to take advantage of different vulnerabilities in browsers and plug-ins, as well as PDF viewers.
“Several products are vulnerable to these - Adobe Reader and Flash, Internet Explorer (IE) and even Firefox and Java. There are so many ways that criminals can get into a user's computer. Unfortunately, these applications still have to get real security and implement proper update methods.”
He added that pirated software contributes to this problem, as the software does not update itself with the latest security patches, leaving it wide open to attack.
“Older versions of IE are also vulnerable to countless exploits. Failure to install a security solution compounds the problem because even if the system is up to date, it could be infected via zero-day vulnerabilities in third-party software. Security solutions are normally updated far more regularly, and far faster.”