BANGALORE, INDIA: The explosive evolution of the internet is changing the way we communicate, every day. The web has enabled most of us to work smarter and be more efficient. It has also created a plethora of opportunities for devious attackers to steal information, misuse computers and infect systems with malicious software. Symantec recaps the top attack trends that dominated the net in recent months. Unsurprisingly, variants of spam, which has grown to comprise 85 per cent of all email, dominate the list.
Recession Spam
The dark cloud of recession that has been hanging over the world for the past year has a silver lining - for spammers. They tried to tempt innocent web users into believing they could solve the financial woes that the world’s leaders are still struggling with.
While multimillion-dollar corporations were busy firing thousands of employees, dream jobs started landing up in our inboxes. However, anyone who fell for such bait out of curiosity or desperation would’ve had a rude awakening, with their carelessness resulting in private data being leaked, at the very least. Many who clicked through the links in some of these messages inadvertently downloaded a virus that enables hackers to take control of their email accounts.
Spammers didn’t stop with job offers: they also offered easy loans for no collateral, promised to enable profitable sale of property, and tried scaring users by sending ‘rejection letters’.
Poll attacks
The run-up to the Lok Sabha polls witnessed unprecedented investment by political parties in gaining visibility on the Web. With election fever catching on, hackers, spammers and every other cyber criminal are a busy lot. Political themes are a perfect opportunity for them, as they have strong appeal among a wide audience and appeal to the patriotic spirit. During the recent elections, an Indian online non-profit portal that provides several voter services, including voter registration, voter list searching, election information, and assembly constituency searching, was targeted by hackers.
Symantec discovered that this site was compromised and its pages were contaminated with malicious JavaScript. The file that was uploaded to the site was the first link in a chain of JavaScript files that eventually led to a malicious PDF file. This PDF attempted to exploit vulnerable PDF readers. The payload of the malicious PDF then attempted to download malware to the compromised computer.
Tragedy
Tragedies, they say, bring out the best in everyone. As shown in the amount of unwanted/malicious mail that follows every tragic event, spammers are obviously an exception to this.
The Myanmar cyclone prompted an outpouring of aid to the affected regions from governments and individuals all over the world. It also prompted an avalanche of spam seeking donations that would never reach the intended victims.
The earthquake in China had a ripple effect on the web, with spammers using it to spread a virus. With infected emails given ‘newsy’ subject lines, readers were enticed to open a URL linked to a video. Hitting the ‘Play’ button, however, opened an executable file detected as Trojan.Peacomm.D. This Trojan gathers system information and email addresses from the compromised computer. The Peacomm family of Trojans is also commonly known as the ‘Storm’.
Closer home, the ghastly 26/11 terror attacks that grabbed the attention of the world were also abused by spammers.
Conficker
One of the hottest topics of 2009 has undoubtedly been Downadup aka Conficker, a worm that had security experts on their toes. According to the Conficker Working Group, of which Symantec is a member, 35 million unique IP addresses have been infected by the worm since the beginning.
Since its appearance in late-2008, the Downadup worm has become one of the most widespread threats to hit the Internet for a number of years. A complex piece of malicious code, this threat could jump certain network hurdles, hide in the shadows of network traffic, and defend itself against attack with a deftness not often seen in today’s threat landscape. Yet it contained few previously unseen features. What set it apart was the sheer number of tricks it held up its sleeve.
W32.Downadup exploited vulnerabilities in unpatched Windows systems and propagated on peer-to-peer networks. But a limiting factor was that its propagation routine depended on a publicly available GeoIP data file used to determine IP location. When the GeoIP authors decided to remove it from the location called by the worm, the absence of this file made it difficult for the worm to spread as rapidly, reducing its propagation to local networks already infected.
Copyright © CyberMedia India Online Ltd. All rights reserved. Usage of content from web site is subject to Terms and Conditions.