Trend Micro Sees Growth of Underground Cybercrime Economy

CUPERTINO, Calif., Feb. 19 /PRNewswire/ -- Trend Micro Incorporated TSE: 4704, a global leader in Internet content security, published today its 2007 Threat Report and 2008 Forecast.

According to research from Trend Micro's TrendLabs(SM), hackers are intensifying their attacks on legitimate Web sites. The number of compromised Web sites are slowly outnumbering malicious ones created specifically by cyber criminals. It debunks the adage to "not visit questionable sites" because even trusted Web sites such as those belonging to Fortune 500 companies, schools and government organizations can hold malware.

An underground malware industry has carved itself a thriving market by exploiting the trust and confidence of Web users. The Russian Business Network, for example, was notorious all year for hosting illegal businesses including child pornography, phishing and malware distribution sites. This underground industry excludes no one. In 2007, Apple had to contend with the ZLOB gang, a group of professional hackers who relies on tricking users to download and install malicious software; even alternative operating systems are not safe havens for the online user when it comes to Web threats. The Italian Gromozon, a malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007.

This past year, the NUWAR (Storm) botnet expanded in scope. Trend Micro researchers learned that the Storm botnet is renting its services to malicious hackers and its spamming capabilities rented out to spammers -- evidence that botnet threats are becoming more prevalent and sophisticated. During 2007, the most popular communication protocol among botnet owners was still Internet Relay Chat possibly because software to create IRC bots is widely available and easily implemented.

Security threats are no longer limited to PCs. Mobile devices, as they become more advanced and powerful, are at risk for the same types of threats as PCs (viruses, spam, Trojans, malware, etc.) Gadgets with wireless capabilities such as Wi-Fi and Bluetooth, as well as storage capability have become major sources of data leaks and carriers of infections through security perimeters.

    Other notable findings from the report:    --  The Windows Animated Cursor exploit (EXPL_ANICMOO) encompassed over 50        percent of all exploit codes to hit the Internet computing population.        74 percent of its infections this year came from Asia.  The same holds        true for TROJ_ANICMOO.AX, a related threat which embedded the exploit.        64 percent of computers infected with this were from China.    --  The top malware finding was WORM_SPYBOT.IS and WORM_GAOBOT.DF. Both        created botnets and worms that infected USB-connected devices.    --  Nearly 50 percent of all threat infections come from North America,        but Asian countries are also experiencing a growth -- 40 percent of        infections stem from that region.    --  Social networking communities and user-created content such as blog        sites became infection vectors due to attacks on their underlying Web        2.0 technologies, particularly cross-site scripting and streaming        technologies.    --  Infection volumes nearly quadrupled between September and November        2007, indicating that malware authors took advantage of the holiday        seasons as an opportunity to send spam or deploy spyware while users        are shopping online.    --  In 2007, the top online commerce site attacked by phishers was still        global auction site eBay and sister company PayPal.  Financial        institutions, especially those based in North America, also        experienced a high volume of phishing attacks.

2008 Forecast

Based on the emerging trends of this year, the following are Trend Micro's forecasts for the 2008 threat landscape:

    1.  Legacy code used in operating systems and vulnerabilities in popular        applications will continue to be attacked in the effort to inject        in-process malicious code that criminals can exploit to run malware as        they attempt to steal confidential and proprietary information.    2.  High-profile Web sites that run the gamut of social networking,        banking/financial, online gaming, search engine, travel, commercial        ticketing, local government sectors, news, job, blogging, and        e-commerce sites for auction and shopping will continue to be the most        sought-after attack vectors by criminals to host links to phishing and        identity theft code.    3.  Unmanaged devices such as smart phones, mp3 players, digital frames,        thumb drives and gaming stations will continue to provide        opportunities for criminals and malware to infiltrate a company's        security borders due to their capabilities for storage, computing and        Wi-Fi. Public access points such as those in coffee shops, bookstores,        hotel lobbies, and airports will continue to be distribution points        for malware or attack vectors used by malicious entities.    4.  Communication services such as email, instant messaging, as well as        file sharing will continue to be abused by content threats such as        image spam, malicious URLs and attachments via targeted and localized        social engineered themes.    5.  Data protection and software security strategies will become standard        in the commercial software lifecycle. This will also put a focus on        data encryption technologies during storage and transit particularly        in the vetting of data access in the information and distribution        chain.    For a copy of the full report, go to:http://trendmicro.mediaroom.com/index.php?s=65&item=163

About Trend Micro:

Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Its flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. A transnational company, with headquarters in Tokyo, Trend Micro's trusted security solutions are sold through its business partners worldwide. Please visit http://www.trendmicro.com.

Copyright(C) 2008 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo and TrendLabs are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.