> TECHNOLOGY >
Targeted security threats
Trend Micro has reported an
increase in targeted information security threats for the last five
quarters. The report revealed that more targeted attacks are using social
engineering tactics and replacing mass, fast spreading worms.
Trend Micro has released its Q1 security threat landscape report that
highlights a significant increase in attacks that aim for specific users
instead of a large-scale epidemic.
According to Trend Micro analysts, these targeted attacks are replacing
global mass outbreak as hackers are now motivated by monetary rewards rather
than gaining notoriety. These cyber criminals remain anonymous in the
background as they design variants that continually change and move to avoid
detection from anti-virus software.
"This report spells out the changing landscape of online threats as cyber
criminals grow in sophistication. The motivation and modus operandi has
evolved as users get more careful with their online habits, which then force
these criminals to devise new ways to lure users," said Ross Wilson,
managing director, Consumer Products and Services, APAC Region, Trend Micro
"The challenge is for consumers to realise and understand these threats,
especially since the recent threats are more insidious than before. Personal
and business users need to equip themselves with the right set of knowledge
and a robust anti-virus solutions to completely immunise themselves against
these threats," he added.
Key findings of the report include:
Social engineering is the most popular strategy
The report states that these attacks employ social engineering to lure users
into their websites or opening attachments in their emails. In February
2006, a Trojan horse spyware called TROJ_VB spread by drawing on the news of
Australian Prime Minister's heart attack to trick unsuspecting users to
visit a fake news website. Once the user visited the page, the spyware
triggered an automatic downloading programme and captured the banking
information on the network without the user ever knowing.
Asian spam is on the rise
Japanese and Chinese language spam made up the biggest non-English spam at
58 per cent and 33 per cent respectively. This meant that it overtook
Russian and Spanish as the largest non-English groups. According to Trend
Micro, the reason there is an increase in Asian spam is the less stringent
legislation against it as compared to Europe and US.
Gambling websites have become phishing targets
Trend Micro discovered the first online gambling website to be a target of
phishing. Members of PartyPoker's website had their online account
information stolen when they logged in to the fake website.
This is apparent in the growth of phishing websites during the last quarter
when compared to last year's figure. The increase in number was mainly due
to the release of Rock Phish kits that made it easier for amateur hackers to
create phishing sites at the end of 2006. According to Gartner, Americans
suffered US$2.8 billion in financial losses because of phishing in 2006, out
of which the Rock Phish organisation gets more than US$100 million.
Discovery of spyware that deletes illegally downloaded media files
A breed of malware emerged from Japan last year that deleted all illegally
downloaded music and video files. The two variants, TSPY_DENUTARO and
TSPY_DENUTARO.DM are believed to have been executed by an anti-piracy
organisation. The file appeared as a .ZIP file and once clicked, will start
to delete media files and this message in Japanese then appears:
"Although Isamu Kaneko has already been sentenced, are you still using Winny?
I hate people like you who use Winny."
Winny is Japan's most popular P2P file sharing application and its author,
Isamu Kaneko was convicted last year for assisting copyright violators and
sentenced to pay a fine of 1.5 million yen.
For a copy of the full report, go to