When it comes to computer security, bad news usually follows even the rare positive statistic. In their latest report, Websense note that they’ve seen the number of compromised Web sites fall off. Yet, even though this seems like the rare glimpse of something encouraging, it actually means that malicious hackers have become smarter and decided to target their activities more carefully.
Well prepared and considered attacks have replaced the traditional distributed approach. The motivation is clear – target a smaller number of websites that have more traffic and gain more in less time.
Here’s an overview of the growth of malicious Web sites over the last 18 months, June 2008 – December 2009:
Recently, a social engineering scam used uniquely crafted phishing e-mails spoofing Microsoft Outlook Web Access that invited recipients to apply a new set of settings to their mailboxes because of a recent security upgrade.
An embedded link in the email connects users to a web site that appears to be a Microsoft Office Outlook Web Access page, including official Microsoft and Microsoft Office logos. On the page, users are directed to “download and launch a file with a new set of settings for your e-mail account.”
The executable is actually a Zbot Trojan similar to Trojans distributed in recent H1N1 and Facebook phishing attacks.