Rogue bots and social networking
According to the MessageLabs Intelligence 2008 Security Report, botnets were responsible for 90 percent of all spam during 2008, and for a rise in the proportion of email-borne malware delivered through links to malicious websites. This proportion peaked at 61.1 percent in February, when an increase in malicious activity from Storm was responsible for 96 percent of these interceptions.
One of Storm’s last activities before its demise was a new bout of malware that appeared in July 2008. It used headlines about celebrities meeting their death and contained links to sites that, when activated, resulted in the installation of Antivirus XP 2008, a rogue anti-spyware program that could be installed without the user’s involvement. The program runs a fake scan on the computer and then offers to remove the infections it reports, for a fee.
Following Storm’s demise, links to this rogue application were spammed out by other botnets, including Srizbi, Rustock and Mega-D. One third of malicious links intercepted in July were related to Antivirus XP 2008, and by August 64 percent of malicious emails, mostly posing as greeting cards, contained links to Trojan droppers designed to install the rogue anti-spyware program.
Another cybercriminal favorite of 2008 was the distribution of malware on social networking sites, first seen in small amounts toward the end of 2007. One tactic that became popular this year was to create fake profiles on social networking sites and use them to post malicious links and to phish other users. Once a user is phished, spammers can post blog comments on the pages of that user’s friends and send messages from the phished account to other contacts. The messages were mostly used to dispense spam, including links to spam sites such as online pharmacies. After gaining access to legitimate user profiles, scammers harvest the available personal information to further target users, wreaking havoc.
Finally, phishing underwent some notable transformations in 2008 as phishing attacks from specialized botnets became commonplace. While the intensity of phishing attacks did not change significantly over the course of the year, the targets widened to include recruitment agencies and online retailers in addition to the financial institutions targeted before. The number of specialized banking Trojans is expected to rise further in 2009.