- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Identity theft threats jumped 200% in the first two months of 2007, a security company said Wednesday, noting that fraudsters have shifted to simpler, more effective tactics.
Cyveillance of Arlington, Va., compiled data from its Internet sweeps to report that the average daily count of URLs hosting malicious downloads climbed to 60,000 in February, 200% over the December 2006 figure. A single-day spike in midmonth came close to 140,000 such sites.
"The traditional phishing technique is being replaced by putting a URL in the e-mail," said Manoj Srivastava, Cyveillance's CTO. "The trend now is to use the browser as the attack vector."
Phishing attacks have shifted from the usual e-mails that try to con users into visiting reproductions of legitimate pages, then duping them into entering their personal information. Instead, thieves simply stick a link in an e-mail message and count on users' gullibility.
"It works," Todd Bransford, vice president of marketing for Cyveillance, said when asked what might be behind the rise. "It's proved to be a highly effective way of taking control of someone's PC."
Malicious sites typically exploit browser vulnerabilities to conduct "drive-by" downloads, installing bot Trojans that let a hacker control the machine or password-stealing keyloggers on compromised systems.
Srivastava speculated that another reason for the rapid rise in malicious sites is, ironically, the effectiveness of antiphishing software. "The phishing detection business has gotten good -- ours included -- and [so] it's far easier to detect conventional phishing techniques" than to gauge the potential for harm from a Web site.
The quick climb might also be a result of the increasing ease with which identity thefts are crafted. "[Phishing] kits have become common. It's so simple to launch attacks now that there's something of a geometric progression going on with the numbers," said Srivastava. "The economics and risks involved being what they are, more people are learning about identity theft and how to make money from it. This looks like an inflection point."
Cyveillance also uncovered hundreds of thousands of credit and debit card account numbers in its sweeps of IRC channels and server logs of botnet operators. In the first two months of the year, the company's monitoring technology found more than 320,000 credit and debit card numbers, more than 1.4 million potential Social Security numbers and approximately 1.3 million account log-on credentials.
Rss FeedRss Feed
and there is always a but... firebug doesnt work :(- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment