Rogue Anti-Malware Programs | Scam Alert Network
| Together we can fight Crime and Scams
Saturday July 31st 2010

Hot News Flash

Along with rogue anti-malware, fake anti-piracy utilities are now also being distributed. Many Internet users download music and other media from the net and pick up malware from hacked or rogue websites in the process. These Trojans display fake copyright warning messages to scare the victim: they are told to take their chances in court, or to avoid heavy fines and possible jail time by opting for a ‘pre-trial settlement’. They are then directed via hacked websites to another malware site where their computers are further infected, fake financial ‘settlements’ are solicited, and banking details end up in the hands of criminals.


Rogue Anti-Malware Programs

Rogue or fake anti-malware programs are increasingly being used by criminals to draw victims into their online gangster networks, or botnets. According to the Anti-Phishing Working Group (APWG) report, Payment Services (‘online payment processors’) moved into the top position of targeted industry sectors in the first quarter of 2009, rising above Financial Services (‘banks’) for the first time since APWG began tracking the proportion of phishing attacks directed at each industry sector. Many unsuspecting Internet users are now being drawn into gangster botnets by rogue or fake antivirus software.

(Figures: APWG Q1 and Q2 2009 report charts)

ROGUE ANTI-MALWARE PROGRAMS

According to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, the number of rogue anti-malware programs is growing exponentially. In the first quarter of 2009 alone, more new strains were created than in all of 2008. The second quarter of 2009 painted an even bleaker picture, with four times as many samples emerging as in all of 2008.

“The primary reason for the creation of so many variants is to avoid signature-based detection by legitimate antivirus programs. The use of behavioural analysis is of limited use in this type of malware because the programs themselves do not act maliciously on computers, other than displaying false information,” Corrons explained. Several methods are being used to create the many variants. One of the most widespread techniques is known as server-side polymorphism: every copy of the fake antivirus software that is downloaded is a slightly different binary file, so that genuine anti-virus systems that match on exact signatures fail to recognize it.
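To show why a per-download variation defeats exact signatures while a similarity measure still catches the shared core, here is an added Python illustration (not code from the page, APWG or PandaLabs). The "binaries" are constructed byte strings, not real malware, and the byte n-gram Jaccard score is a deliberately simple stand-in for real fuzzy hashing.

```python
import hashlib
from collections import Counter

def sha256(data: bytes) -> str:
    """Exact-match 'signature': any single changed byte yields a new digest."""
    return hashlib.sha256(data).hexdigest()

def byte_ngrams(data: bytes, n: int = 4) -> Counter:
    """Multiset of overlapping byte n-grams, the basis of the similarity score."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Weighted Jaccard similarity over byte n-grams (crude fuzzy-hash stand-in)."""
    ga, gb = byte_ngrams(a, n), byte_ngrams(b, n)
    inter = sum((ga & gb).values())   # min count per shared n-gram
    union = sum((ga | gb).values())   # max count per n-gram in either sample
    return inter / union if union else 0.0

def classify(sample: bytes, known: dict, threshold: float = 0.8) -> str:
    """known maps a sha256 digest to the bytes of a previously seen sample.
    Returns 'exact' on a signature hit, 'variant' on a similarity hit, else 'unknown'."""
    if sha256(sample) in known:
        return "exact"
    if any(similarity(sample, seen) >= threshold for seen in known.values()):
        return "variant"
    return "unknown"

# Constructed stand-ins for two downloads of the same rogue program: a shared
# core plus a tail the server changes on every request (not real malware).
CORE = b"\x7fFAKEAV" + b"scan-screen|alarm-popup|pay-to-clean|" * 3 + b"\x00" * 32
DOWNLOAD_1 = CORE + b"build:a1f3e7b2"
DOWNLOAD_2 = CORE + b"build:9c0e4d71"   # same core, different tail bytes
UNRELATED = bytes(range(256))           # a file sharing no content with the core

# Signature database built from the first download only.
KNOWN = {sha256(DOWNLOAD_1): DOWNLOAD_1}

if __name__ == "__main__":
    for name, blob in [("download_2", DOWNLOAD_2), ("unrelated", UNRELATED)]:
        print(name, classify(blob, KNOWN), round(similarity(blob, DOWNLOAD_1), 3))
```

The second download misses the exact signature but scores about 0.9 against the first, while the unrelated file scores 0; a threshold in between separates them.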

“This kind of threat is following the same behaviour as other kinds of malware in the past (Trojans, etc.). At the beginning there were just a few gangs. The business model worked, so new gangs got into the rogueware business. Right now, we have more than 200 different gangs. Some of them started to generate a flood of samples to bypass signature-based detections (10 of these gangs are responsible for the creation of 77.47% of the samples),” Corrons said.

DESKTOP CRIMEWARE INFECTIONS

Legitimate antivirus distributors gather data from millions of computers worldwide through their scanning services, giving a statistically valid view of the security situation on the desktop. The following statistics were obtained from one of these legitimate antivirus distributors:

Main Threat: The scanned computers belong to both corporate and consumer users in more than 100 countries, and the scanning system checks for many different kinds of potentially unwanted software. ‘Downloaders’ and ‘Banking Trojans/Password Stealers’ have been identified as the main threats associated with financial crimes such as automated phishing schemes.

Infections: The share of infected computers rose from 35 percent of scanned computers during the fourth quarter of 2008 to more than 54 percent (11,937,944) of the total sample towards the middle of 2009. Banking Trojan or password-stealing crimeware infections increased by more than 186 percent during the same period. During the second quarter of 2009 there was also a 217 percent increase in detected downloaders, mainly due to a downloader called Zlob.LH that downloads and installs rogue anti-virus software.

Information Source: Anti-Phishing Working Group (APWG) Report


