Cyber thugs share data

The Apple iPhone has not officially hit Indian shores, yet spammers have launched a malicious email spam campaign that employs social-engineering tactics. Visitors who click on an embedded link for 'presentation' or for 'more information,' on the iPhone, could end up downloading a trojan "" malware that transmits a computer virus, opening up the computer system to fraudsters.

Previously, a similar attack designed around iPhone was discovered by Sunbelt Software. Windows-run computers were infected by the malware, triggered by visiting legitimate sites such as yahoo.com or google.com where an embedded link prompted users to visit iPhone.com.

Users were redirected to a pseudo site under the control of fraudsters. Victims were then asked to send payment for their Apple iPhone through Western Union or Moneygram rather than via a credit card.

HOW THESE C2C TROJANS WORK

A user browses a legitimate site.

The user is referred to malicious code hosted on a crimeware server via an embedded link (promotional offer or an advertisement) on the legitimate site.

After specific software versions are detected, the crimeware toolkit installs a trojan as part of the attack.

While downloading and installing the trojan, the victim is redirected to another malicious site. This site is the "business partner"

These scams, say experts, are part of a criminal-to-criminal (C2C) business model. A Finjan (web security solutions provider), report states: "Owners of malicious sites share their victims with other site owners in order to leverage the strength of one site and provide business to the other." Trojan 2.0 attacks use regular Web 2.0 technology and websites to exploit legitimate web services, said Finjan, which has monitored such attacks through its Malicious Code Research Centre (MCRC).

 Crimeware developers now supply "crimeware toolkits" to other fraudsters. These packages guide users to sneak into a system and then retrieve data for financial gain. But criminals can also go the old-fashioned way "" purchasing data collected by trojans, keyloggers and other types of crimeware.

SophosLabs, which had intercepted emails with subject lines such as 'Million dead in Chinese quake' linking victims to websites on a .cn domain, agrees on the increasing complexity of trojans.

Sophos experts predict, "Using the highly-anticipated Olympic Games due to take place in Beijing in August, cyber thieves would be on prowl to launch many more trojans that could sneak into systems and silently track a victim's system and data stream."

Ambarish Deshpande, regional director (India and SAARC), IronPort explains, "One of the main reasons why e-crime has emerged as a profitable business is the success rate of trojan 2.0 technologies. This typically employs legitimate websites as its attack vector. By using silent installations and drive-by downloads, PCs and networks are successfully infected and their details are sold to a new set of spammers."

Websense, another web security firm, has announced that threats associated with the Chinese Olympics, online advertisements, the iPhone 3G and Web 2.0 applications would be among the top areas that hackers would focus on in 2008.

"Spammers are using topical issues like high gas prices, the credit crunch and housing costs to spread more spam and trick more users into clicking fraudulent links," says Websense.

Additionally, with a growing number of people facing foreclosure and other financial distress, Websense researchers are also noticing an uptick in solicitations for credit cards, credit reporting services and debt consolidation services.

Finjan too foresees a grim situation. "We see the rise of the Crimeware-as-a-Service (CaaS) model in the Crimeware-toolkit market. It enables such a toolkit to gather the data from the victims and sort it according to some rough criteria for the users, since all the data and networking is already built-in and available for the criminals and attackers."

The cybercriminals are expected to get more adept at protecting themselves from law enforcement by using the CaaS model, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised.

Traditional security technologies are not equipped to deal with, let alone prevent, these threats. To meet the growing demand for more effective protection, the security industry must close the gap between these new attack techniques and the conventional defence strategies, reason security experts.

The optimal way to do this is concentrating on real-time code inspection technologies, points Rajat Khare, CEO, Appin Security Group. His company provides cyber security solutions to Rashtrapati Bhavan, DRDO, Indian Army and Navy, Delhi Metro Rail Corporation, Microsoft, GMR Group "" Hyderabad Airport and MTNL among others.

"The advancements made in trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats," he concludes.