According to the internet security firm Websense there has been a sharp increase in the amount of spam being sent out by popular email accounts. Meanwhile, Mike Halsey writing for connectedinternet.com (October 7, 2009) says the latest problem comes after “a massive phishing attack, where emails are sent purporting to be from a reputable website that asks users to log into fake websites, thus revealing their usernames and passwords, resulted in at least 30,000 email addresses being published online.”
Phishing attacks usually only fool one in a thousand internet users, but when millions are sent out a tiny response rate can yield dividends for the fraudster.
Keylogging behind Latest Internet Attacks
BBC News (October 7, 2009) quotes Amichai Shulman from the security firm Imperva as saying the current problem is related to “keylogging.”
“Unlike a traditional phishing scam,” writes the BBC, “which lures people into revealing their details on fake websites, keylogging records individual key strokes.”
By infecting a website, a key-logger can monitor key strokes that might reveal login details, social networking information, webmail services, or bank account content.
Matthew Hopson at neowin.net (October 7, 2009) writes that “Key-loggers can be downloaded automatically, but in most cases the user is tricked into downloading the malware under the guise of a free anti-virus or performance improving program - something that can even occur on trusted websites.”
Malvertising Tricks the even the Internet Savvy
As the volume of advertising increases on the internet bogus material is making its way into trusted environments. The practice is called “malvertising, ” and writes Bobbie Johnson of The Guardian (September 25, 2009) some prominent names have been compromised: “Sites hit by a series of recent strikes include the New York Times and Horoscope.com, each of which receive millions of visitors every day.”
Johnson adds that “malvertising attacks…can sometimes even inject malicious code directly to a computer as soon as the target sees the compromised commercial.”
Phishing on the Increase
Internet providers say they’ve noticed an increase in these kinds of attacks over the last couple of years.
On October 5, 2009 a spokeswoman for Microsoft said “Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme.”
On the same day computerworld.com quoted Dave Jevans, the chairman of the Anti-Phishing Working Group as saying, “That's a big result for a phishing campaign. But it’s not outside the realm of possibility. We’ve seen 50,000 to 75,000 [compromised] accounts when phishers target an ISP with millions of users.”
Microsoft says there are about 400 million registered Hotmail users, although not all of them are active.
What to Do to Avoid Becoming a Malware Victim
Internet security experts say it’s vital to have up-to-date anti-virus and anti-spyware software installed on computers. It’s not a bad idea also to change passwords and security questions regularly.
Never answer an email inquiry from a bank or any other financial institution asking that security information be updated.
Another tactic used by hackers is to post a notice on a potential victim’s computer screen saying a virus has been detected. The innocent target of this scam is then told to download anti-virus software that will cure the problem. But, of course, the software is malware and can cause all sorts of problems.
