Malware


Malware Flea Market Pays Hackers to Hijack PCs

Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be “affiliates” willing to compromise victims’ computers globally and get paid for it.
Top dollar goes to anyone who can compromise computers in the United States. Those who do the dirty work are paid $140 for every 1,000 U.S. computers they seed with bits of malware, to ready these victims’ computers for other types of criminal assaults such as stealing financial data, sending spam or pushing fake antivirus software. Read the full story [Network World/Ellen Messmer]

Malware Economy is Thriving

TORONTO — The legitimate economy may be in rough shape right now, but the same cannot be said for the underground economy. Malware authors and botmasters are thriving, experts say, with some online criminals charging as much as $3,500 for their attack toolkits.

The Reality Behind SQL Injection Attacks

TORONTO — The frequency and scope of SQL injection attacks have exploded in the last year or two, with thousands of legitimate Web sites having been compromised and used to serve malware or further Web exploits. That’s the bad news. The good news is that there are some remarkably effective techniques that security professionals can use to identify and recover from these attacks.


According to a report by the Anti-Phishing Working Group (APWG), the numbers of phishing incidents and rogue anti-malware programs (also known as scareware) are rising at an “unprecedented rate”.
The APWG says that around four-fifths of the phishing attack websites claim to offer payment and financial services. In the first half of 2009, a total of more than 485,000 strains of scareware were found: approximately 22,000 a month were reported in January, rising to over 152,000 in June, indicating a very strong upward trend. Read the full story [h-online.com] See the full APWG report [PDF from antiphishing.org]

Trend Micro researcher Rik Ferguson has discovered a new twist on the old social engineering attacks on Skype — the use of usernames and monikers that appear very, very convincing.
In the latest attacks, which lure computer users to fake anti-virus sites (rogueware), the attackers are using the username “Online Notification” in the Skype chat window.

From SearchSecurity.com (Robert Westervelt)

Phishing websites and rogue antivirus programs increased precipitously in the first half of 2009, according to a new report issued by the Antiphishing Working Group. The number of unique phishing websites reached a high of nearly 50,000 in June, the second highest on record since more than 55,000 phishing websites were recorded in April, 2007. Read the full story [SearchSecurity.com].

GENEVA — In a sign that cyber-criminals are investing more time and resources into attacks against Apple’s Mac users, a new malware affiliate program has been discovered offering 43c for every infected Mac machine.
During an eye-opening presentation at the VB Conference 2009 here, Sophos Labs researcher Dmitry Samosseiko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that have turned their attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.

Cyber-criminals are using interest in MMS or SMS on the iPhone to trick users into downloading rogue antivirus software.
According to security company Websense, attackers are abusing Google’s search engine to get users to click on links leading to a malicious page pushing scareware. Read the full story [eweek.com]

On the heels of yet another Twitter phishing attack, Threatpost editor Ryan Naraine chats with Kaspersky Lab malware researcher Costin Raiu about a new “Krab Krawler” project that pinpoints signs of malicious activity on Twitter. Raiu introduced the project at this year’s Virus Bulletin conference. View the VB presentation here.
