Despite predictions of a gloomy holiday shopping season, Internet bargains, gas savings and easy price comparison are spurring online shopping. Millions are planning to do their shopping online from work to save both time and money. But this might be opening the door to a whole other group of shoppers: cybercriminals trolling for data and using malicious code to steal valuable information from corporate networks.
The number of people shopping online from work is increasing, according to a recent report released by Shop.org, which indicates that 55.8 percent of employees with Internet access at work, or roughly 72.8 million people, will shop for holiday gifts from work this year. This is up from 44.7 percent in 2005. Forrester Research is also projecting that US consumers will spend an estimated US$44 billion online during November and December 2008, up 12 percent from the same period last year.
This online shopping surge is likely to become a cybercrime haven. Today's cybercriminals are infecting legitimate websites with their malicious code, gaining significant Web traffic volume without having to send out spam to promote infected websites. At the same time, these attacks evade traditional protection solutions, which are more effective at blocking websites linked from mass spam. Recent industry statistics, however, show that 75 percent to 90 percent of malware on the Web originates from infected legitimate websites.
Cybercriminals are especially keen to get data collected from employees shopping online from work. Although stolen credit card numbers are still appealing to cybercriminals, the abundance of such stolen information has commoditized it to the point that credit card numbers can only be traded for $10-$20. Sensitive and confidential corporate data such as FTP or Citrix credentials, on the other hand, are 'premium' data that can be traded at a much higher price. Once an employee's PC at the workplace is infected, a crimeware Trojan will stealthily send out valuable information to the cybercriminals' 'drop zone'. Such information includes both personal credentials and sensitive corporate information. Finjan's Malicious Code Research Center finds more and more corporate information, including FTP, Exchange and Citrix credentials and even e-mail correspondence, stored on crime-servers.
It might come as a surprise, but the chance of getting infected by a data-stealing Trojan is scarily high. An employee only needs to visit an infected shopping website to automatically get his PC compromised. Today's malware is specifically tailored to exploit multiple vulnerabilities in the browser, operating system, media player and other script-enabled applications. Malicious code is almost always obfuscated or hidden in a way that makes it 'invisible' to antivirus and signature-based security solutions. An estimated 80 percent of today's malware is obfuscated, as found by the Finjan Malicious Code Research Center. Once the malware neutralizes the protection measures of the infected application, it downloads a malicious 'payload', usually an advanced data-stealing Trojan. These Trojans are often highly sophisticated, allowing cybercriminals to control the compromised PCs from a remote command and control center.