CAMBRIDGE, Mass.– The APWG reports in the H2 2010 Phishing Activity Trends Report this month that the development of crimeware surged in the half-year period ending in December, 2010 with one data contributor registering more than 10 million new malware samples in the period, while other analysts describe important shifts in approaches to crimeware deployment by cybercrime gangs.
Cybercriminals repurpose base code of existing crimeware using polymorphic techniques to craft new variations of crimeware to evade detection by filters reliant on fingerprints of known crimeware. In H2, 2010, however, cybercriminals’ crimeware development efforts were more than redoubled with PandaLabs reporting 10,425,663 new malware samples being registered in that period – some 17 percent of all samples the company has recorded since 1990.
Luis Corrons, PandaLabs Technical Director and Trends Report contributing analyst, said, “Fifty-five percent of the new samples created in the 2nd half of 2010 were Trojans, the favorite weapon used by cybercriminals to infect consumers’ computers.”
Trojans, deployed as desktop crimeware, infect a user’s computer with undetectable malware, designed specifically to allow cybercriminals to break into the online bank accounts of consumers and businesses and then initiate fraudulent funds transfers or enter bogus bill payment instructions.
Patrik Runald, Senior Manager, Security Research for Websense and Trends Report contributing analyst said his laboratory noticed a shift toward a binary weapons approach to infecting PCs with crimeware, assembling the final crimeware code from several components that arrive through different mechanisms and at different times.
Rubald said, “During the second half of 2010 we saw a small drop, percentage-wise, in malware aimed specifically at stealing data but an increase in the total amount of samples compared to the first half of 2010. Downloaders are used in many of these cases and the end goal is still to steal data – but using several components instead of including this functionality in the main component.”
Ihab Shraim, chief security officer and vice president, network and systems engineering, MarkMonitor and Trends Report contributing analyst said, “The second half of 2010 saw a 6 percent drop in total phishing attacks from the first half. However, the number of brands targeted went up by over 7 percent and there was an increase of almost 6 percent in unique Brand-Domain pairs. This data suggests that phishers are utilizing more targeted tactics in order to achieve a better ROI on their phishing campaigns.”
Indeed, while measurements for conventional social engineering-based phishing show some slowing of growth during the half, reports of hyper-focused phishing attacks on key personnel have been increasing since H2 2010, and have continued growing through early 2011, indicating a larger shift in tactics by established cybercrime gangs. Though difficult to count automatically, reports of these so-called “spear-phishing” schemes have been increasing in frequency over the past year – and continue to grow.
Dave Jevans, APWG chairman and Trends Report contributing analyst said, “In the latter months of 2010 we have seen an increase in spear-phishing, where individuals inside companies and government agencies are targeted by criminals who send individualized fake emails to their victims, often with crimeware payloads. These emails usually evade spam and anti-virus filters, and are very effective at infecting a user’s computer.
“There are an increasing number of reports where spear-phishing is used as part of a sophisticated attack to gain access into a corporation’s network by infecting a targeted employee’s computer. This trend is accelerating in 2011, and is responsible for many high profile corporate data breaches,” Jevans said.
The full text of the report is available here: http://www.apwg.org/reports/apwg_report_h2_2010.pdf
Other highlights of the report include:
● Unique phishing reports submitted to APWG in H2, 2010 steadily decreased over the half, after reaching a previous high for 2010 in June with 33,617
● Unique phishing websites detected by APWG during H2, 2010 saw a fluctuation of more than 5,000 sites month to month within the half-year period
● The high number of unique brand-domain pairs, 16,767 in November, was down nearly 32 percent from the record of 24,438 in August, 2009
● The number of phished brands reached a high of 335 in September during the half, a decrease of 6 percent from the all-time high of 356 in October, 2009
● Financial Services returned to being the most targeted industry sector in the 3rd and 4th quarters of 2010
● Sweden jumped to the top of countries hosting phishing sites reported during Q3, 2010 with 83.12% of all hosting sites reported in August
● The top 10 most prevalent families of fake anti-virus software are responsible for more than 59 percent of rogueware infections
About the APWG
The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s Web www.apwg.org site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and sponsor of the eCrime Researchers Summit, the world’s only peer-reviewed research conference dedicated specifically to electronic crime studies www.ecrimeresearch.org.
APWG’s corporate sponsors are as follows: AT&T(T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Booz Allen Hamilton, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal (EBAY), eCert, Entrust (ENTU), eEye, ESET, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GlobalSign, GoDaddy, Goodmail Systems, GroupIB, GuardID Systems, Hauri, HomeAway, Huawei Symantec, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, M86Security, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, Planty.net, Prevx, The Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace, SecureBrain, Secure Computing (SCUR), S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), Tagged, TDS Telecom, Telefonica (TEF), TransCreditBank, Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO), zvelo and ZYNGA.

CUPERTINO, Calif., Sept. 08, 2010 /PRNewswire/ – Trend Micro Incorporated, a global leader in the fight against cybercrime, today released new security software that provides state-of-the-art protection for consumers’ data, delivered with optimal performance and ease-of-use. Trend Micro’s Titanium Security 2011 stops viruses, spyware, and phishing attacks before they reach you, your family or home office PC.

Titanium 2011 utilizes a revolutionary cloud-client strategy that combines cloud-based web, email, and file reputation services with Trend Micro’s Smart Scanning technology for real-time, up-to-date protection against today’s sophisticated threats. The new three-product family includes Titanium™ Antivirus+, Titanium™ Internet Security, and Titanium™ Maximum Security. Each provides customers with better performing, easiest-to-use security software that ensures ultimate protection.

Smarter Protection

Because a portion of the application resides on Trend Micro’s own servers, Titanium 2011 is able to stop threats before they can reach a protected PC. This partially cloud-based architecture also lightens the protected computer’s processing, memory, and storage load, resulting in significant performance gains. In real world test scenarios, early independent testing has already determined that Titanium is a leader in protection and performance and is designed to stop Internet malware proactively.

“Titanium 2011 is an all-around win for consumers,” said Carol Carpenter, executive general manager for the Consumer and Small Business units at Trend Micro. “Our new technology takes family and PC protection to entirely new heights and is the most effective way to challenge the explosion of real world online threats that we expect will continue indefinitely. It’s a major upgrade for our customers, for Trend Micro and for the industry.”

Titanium uses Trend Micro’s Smart Scan engine to deliver immediate protection directly from the Internet cloud. By accessing Trend Micro’s continually updated reputation databases over the Internet, response to threats is significantly faster than with conventional security software. Such applications require large periodic downloads of malware signatures that provide less effective protection than Titanium 2011’s access to live reputation data.

The Smart Scan engine also works with local indexes and caches, as well as heuristics and behavior monitoring technologies, all of which reside on the customer’s PC, so the user’s data is still protected when the PC is offline. This powerful combination fights threats both in the cloud and on the local machine.

Trend Micro Titanium 2011 also takes advantage of the Trend Micro™ Smart Protection Network™ infrastructure that operates discreetly in the background, analyzing files and Internet activities for threats. There is no need for users to worry about keeping a large database of protection signatures continually updated on the local PC hard drive, since the reputation services used by Titanium Security 2011 are located in the cloud. This is a completely new way to protect users’ data.

Previous security applications from Trend Micro and its competitors store threat information on the protected computer itself. Besides requiring the machine to actually “touch” an infected site in order to evaluate the threat, it also required frequent updates of the threat database.
A recently conducted set of tests by NSS Labs demonstrates the superior protection of Titanium™. In the tests, Titanium™ is rated #1 in catching malware before it executes on a user’s computer and #1 in stopping zero hour malware. The complete findings will be available in an upcoming report from NSS Labs (http://www.nsslabs.com).

Better Performance

In designing Titanium 2011, Trend Micro engineers focused not only on providing better protection, but also on increased performance, resulting in a dramatically thinner application that is not only smaller in size but also lighter in CPU and memory usage.

“The buyers of security software are torn between the need to be protected and the need to maintain adequate performance,” said Rob Enderle Principal Analyst for the Enderle Group. “These conflicting needs often have them at war with their security solution and under protected. Titanium 2011 from Trend Micro is the first product to deeply embrace both needs to provide a security solution that actually may increase performance removing this painful conflict,” Rob Enderle, Principal Analyst, Enderle Group.

Titanium 2011 transforms the customer experience across a number of key benchmarks, including faster scan times, as well as lower memory and CPU usage, balancing thoroughness with efficiency. Faster boot time, quicker file copying, a smaller installer size, and full scan optimization after initial installment are other enhancements.

“The threat landscape is becoming more sophisticated and prolific – and Titanium meets the challenge,” said Brook Stein, senior product manager for Trend Micro. “Customers have told us they were tired of security software slowing their computers down, but weren’t willing to sacrifice the quality of protection. Our answer is Titanium 2011, the most robust protective system we have ever built and by far the easiest to use.”

Easier To Use

Using a revamped, widget-like interface, Titanium 2011 users can easily navigate and control settings and reports. The software also helps parents keep their children safe from cyber criminals and inappropriate content when they go online and can fight spam and other unsolicited commercial e-mail.

In all three versions, Titanium 2011 is:

• Light on system resources so PCs can run faster
• Designed to be easy-to-use and understand with simple screens and graphical reports
• Uses less than half the disk space and memory of other security products

Configuration is simple, since default settings are optimized for each user right out of the box and can be easily modified. Intuitive security reports with simple screens and graphs provide users with everything they need to understand their computer’s security status. The security dashboard shows protection status at a glance and annoying pop-ups and interruption notifications have been eliminated.

The Titanium Maximum Security version adds easy-to-use options including secure erase, remote file lock in case of computer theft, a system tuner, and 10GB of secure online backup and sync with sharing features.

All versions of Trend Micro Titanium 2011 automatically find and uninstall existing and unnecessary security software to help reduce conflicts that can occur when multiple solutions are in operation.

Availability, Prices and Requirements

Trend Micro Titanium is a family of three products offering protection that is not only effective, fast and easy-to-use, but also brings the power of cloud computing to block threats before they reach your computer.

Trend Micro Titanium 2011 products will be available for purchase starting September 08, 2010 in the U.S. through retailers and the Trend Micro online store, through retail channel partners in select countries worldwide, and at various retail locations online.

• Trend Micro™ Titanium™ Antivirus+ ($39.95 for 1 PC, $59.95 for 3 PCs) – Includes antivirus, antispyware and Web threat protection, stopping malicious downloads and finding and blocking malicious links in emails or IMs.
• Trend Micro™ Titanium™ Internet Security ($49.95 for 1 PC, $69.95 for 3 PCs) – Includes everything in Titanium Antivirus+ plus spam blocking, customizable parental controls, data theft prevention, and helps prevent unauthorized changes to applications.
• Trend Micro™ Titanium™ Maximum Security ($59.95 for 1 PC, $79.95 for 3 PCs) – Includes everything in Titanium Internet Security plus 10 GB secure online backup with sync and sharing features, system optimization, Secure Erase, Wi-Fi protection and Remote File Lock to remotely secure confidential files in case your PC is stolen.

Trend Micro Titanium 2011 products support Microsoft Windows® 7 Family, Service Pack 1 or higher; Windows Vista, Service Pack 1 or higher; and Windows® XP Family (32 bit or higher), Service Pack 3 or higher. For Windows 7 and Vista 1GB memory is recommended; for Windows XP 512MB is recommended; and 500 MB disk space for all three editions.

About Trend Micro

Founded in 1988, Trend Micro Inc., a global leader in Internet content security has over 20 years of experience creating a safer world for consumers and businesses to exchange digital information. Based in Tokyo and employing more than 4,400 people in 23 countries, Trend is both a pioneer and industry vanguard. The company is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats.

Visit TrendWatch to learn more about the latest threats.

Trend Micro’s flexible solutions are supported 24/7 by threat intelligence and analysis experts around the globe.

Many of these solutions are powered by the Smart Protection Network infrastructure, an Internet cloud-based innovation that combines sophisticated reputation technology, feedback loops, and the expertise of TrendLabs℠ researchers to deliver real-time protection against rapidly emerging threats. Trend Micro’s trusted security solutions include products ranging from single PC consumer solutions to enterprise-level security and threat management. Trend’s products are sold through business partners worldwide. Please visit Trend Micro.com to learn more.

Here’s an interesting connection between 2 of the different worlds that I function within.  Using people’s interest in games as bait for phishing.

StarCraft II accounts being targeted in phishing scam – Video Games Reviews, Cheats | Geek.com.

Is nothing sacred?  Obviously not in the world of spam and phish.