'The Great Cyber Crimeware Boom of 2008'
Angela Gunn writes on BetaNews:
Looking for a recession-proof career that's booming? No one's recommending that you actually go into the malware business, of course, but the numbers for 2008 are perversely upbeat. There's even some genuinely good news for you.More here.
The Anti-Phishing Working Group reports [.pdf], for instance, that phishing-related malware (or "crimeware," as they call the stuff) had an absolute boom in the second quarter of 2008. The group's analysis found a remarkable 9,529 URLs spreading phishing warez by the end of June; that's 258% higher than the number recorded during the same period last year.
The apps that power such sites were burgeoning too, hitting a record high of 442 in May '08. Dan Hubbard, CTO of Websense, says that's largely attributable to an upsurge of code used in SQL injection attacks, which have made a big splash in '08.
Phishers often target very specific brands, and AWPG evidence suggests that phisher R&D on how best to do that is reaping fine returns. The number of brands targeted, according to AWPG researchers, continued to rise through the period examined. Meanwhile, the number of "brand-domain pairs" -- a legit URL and the fake URL used to scam the real business' would-be customers -- has dropped.
That sounds like good news, but a closer look suggests that the phishers have simply gotten better at their work. (Bait the hook better and you need fewer hooks.) 294 brands experienced hijacking during the quarter, also a new record.