Malware going retro in 2013, security firm finds

Malware perpetrators turned to their old tricks in the first quarter of this year, a threat report released Monday by the cybersecurity firm McAfee finds.

The report noted that malicious trends which had gathered steam over the last three quarters of 2012 slowed during the quarter ending in March, including:

  • Android malware samples captured during the time frame jumped 40 percent -- 10 percent lower than the previous quarter.
  • Malicious URLs increased 12 percent, but that is nearly 40 points less than in the last quarter of 2012.
  • Growth in malware aimed at PCs slipped, too, to 28 percent, compared to 38 percent in the previous quarter.
  • Password stealers, ransomware, fake anti-virus software and rootkits all showed flat growth rates during the period.

"These particular trends, however, do not mean that cyberspace is becoming safer," McAfee said.

"On the contrary," the report said. "When combined with other trends observed in the first quarter, it would appear that the cybercriminal community is becoming smarter and more disciplined as it develops a preference for more targeted attacks aimed at specific communities or geographies."

However, online predators reverted to old schemes to target unsuspecting online users. For example, so-called "pump and dump" scams were popular.

"We saw an enormous amount of it around 2007," Adam Wosotowsky, a messaging data architect for McAfee, told CSO. "Then for a while, nothing was going on with it."

"This last quarter it came on with a significant volume," he said.

Such schemes typically involve penny stocks. Scammers use spam emails to encourage naive investors to buy a stock, inflating its price. Once the investors have driven the price high enough, the scammers sell their holdings and the stock price drops like a rock.

"A lot of times, you'll see the scammers buy it back up when it hits rock bottom and do it all over again," Wosotowsky added.

Pump-and-dump scams are pushed through traditional spam, and their perpetrators are not interested in infecting their targets, as many modern spammers are. "They don't have malicious links and they don't have malicious payloads," said Bogdan Botezatu, a senior threat analyst with Bitdefender.

Another blast from the past was Koobface, a worm aimed at Facebook users. The malware had been practically dormant over the last year but in the first quarter, Koobface samples tripled over the previous quarter.

"The cybercriminal community obviously believes that social media users constitute a very target-rich environment of potential victims," McAfee said.

Old tricks may have caught the fancy of digital desperadoes during the quarter, but they had some new ideas, too. New samples of Citadel that expanded that Trojan's capabilities also appeared.

The malware was originally designed to steal currency from very specific banks. Recent strains, though, were modified to extract personal information from a target, as well.

A trend that didn't abate during the quarter is the movement of botnet managers toward industrial espionage. "They used to be content bottom feeding on suckers," Wosotowsky said.

"Although ransomware is still a big thing," he said, "there seems to be a movement toward industrial espionage and establishing advanced persistent threats."

User-friendly botnet software is contributing to that trend. "Years ago, malware had to be crafted by someone who knew what they were doing," Wosotowsky said. "Now anyone can get a kit that makes setting up a botnet a plug-and-play experience."

Stories by John P. Mello