Internet threat news

Internet criminals are always looking for new ways of spreading their misleading applications. Most commonly they use spam campaigns, hijacked websites and various redirects. Search engine result poisoning are also used to spread malware, Cyber criminals are waiting for some global event and then creates optimized websites to distribute their rogue programs. While on their quest of infecting as much computers as possible, Internet criminals are able to compromise legitimate Ad networks and serve their misleading applications through websites which uses the services of the mentioned ad networks. This strategy allows them to reach a very wide auditory of computer users and infect thousands of machines. Latest research shows that Internet criminals were able to compromise several ad servers which are running OpenX ads. They were able to add malicious JavaScript to Ad servers which redirects computer users to misleading websites serving malware. The added script allows adding additional iframe element to the page which then loads content from servers controlled by Internet criminals. This a very powerful technique allowing Cyber criminals to control a very high volume of web traffic.

Recently the a type of malware were released which targets commercial and business online banking users. This type of malware has never been recorded before - infection is using a live chat function to trick online banking users into giving away their sensitive personal information.

Cybercriminals are using Shylock malware platform to distribute their new type of scam, this particular method is very hard to detect and remove. The Shylock malware is able to hide in the memory of the infected computer, it uses very sophisticated methods to remain undetected - it doesn't create a new process rather than that it is able to suspend new processes of legitimate programs from initiating for a couple of moments and then injects them with it's rogue code. Furthermore Shylock uses Watchdog functions to detect antivirus scanning operations. If this malware senses that a security program is beginning initiated it will remove it's registry entries and files and will remain active in the memory. To reinfect your computer, Shylock malware hijacks Windows Shutdown function, just before your computer shuts-down it is able to write the previously deleted registry entries and files back to your computer.

Website hacking is a commonly used method by Internet criminals to perform their malicious tasks. Looking for security vulnerabilities and then attacking a website is beneficial for Cyber criminals in many ways - they can exploit the bandwidth, hosting etc. of the hacked website.

Most valuable prey for an Intent criminal is authority websites, as we all know most of the nowadays security suites comes with Internet security features which uses databases of known bad or good websites to prevent computer infections in the first place. When Cyber criminals are successful in hacking a website with a clean history, the number of people computers that gets infected rises drastically.

The new quarterly report from McAfee revealed that there were more that 75 million new malware samples released in 2011. Last quarter of 2011 was profitable for Android malware developers, this segment is continuing to grow, most popular threat used infecting mobile users were sms sending Trojans. When infected with such trojan your mobile device will automatically send out sms messages to a costly subscription services which are operated by Internet criminals. Other prevailing threats used for Android devices where rogue rooting apps.

The malware segment has continued to decline comparing to the year 2010, while there are still more than 75 million new malware samples detected. The last quarter of year 2011 has shown a growth of TDSS family root-kits, these infections are used in distribution of other computer threats, and are designed to stay stealth on an infected computer for a long period of time.

"Gameover" is a malware which is specifically designed to steal usernames and passwords used when logging to your banking account. This malware is an updated version of it's predecessor called Zeus.

As it's previous version "Gameover" is created with only one purpose - target banking accounts information. Recently we have seen a rise in fake email messages which is used to spread this malware. Internet criminals are using such names as NACHA, FDIC, the Federal Reserve etc. When sending their misleading spam emails Internet Criminals are telling unsuspecting computer users that there are issues with their banking account, they include a link in their email messages which supposedly will help to resolve there problems. The truth is that when you click on such link you computer will be infected with a variant of "Gameover" malware which will then start monitoring your banking account login pages and will start sending the collected data to the Internet criminals.

Latest research on online surveys conducted by the Ponemon Institute and sponsored by PC Tools showed that American computer users are likely to take online surveys and reveal their personal information.

Recently spammers flooded Facebook with misleading messages offering free gift card for Starbucks coffee. This message is designed to trick unsuspecting Facebook users into further spreading this fake offer.

According to PandaLabs Internet criminals has released more than 5.000.000 new malware samples this quarter. Most of the spread infections were Trojans ( 3 of every 4 new malware samples were Trojans).

A new scam message are being spread through botnets. The message itself looks like a traffic ticked that came from New York State police. This spam message states that you need to print out the enclosed traffic ticked and send it to town court. Don't trust this message it's a scam. Internet criminals are using this spam message to spread fake antivirus programs.

A new scam pretends to be a breaking news video about a serial killer called "Facebook Killer".  Scam message:

Spammers are trying to scam unsuspecting Google Adwords users. Lately there was an outbreak of phishing emails that target Adwords users and tries to collect their user names and passwords. First you will receive an email that looks like it was sent by Google, this email states that your Google Adwords campaign stopped running.

Group of hackers called "Swag Security" has broken into Lady Gaga's United Kingdom website and stole her fan's database. Stolen data included names and email addresses. Swag Security has hacked into popular singer's website on June 27, but the stolen information appeared public only this week.

Police in the United States and seven other countries have seized several computers and servers that were used in the implementation of the fraud scheme, making it possible to absorb more than 72 million dollars from the victims who bought fake anti-virus program.
Twenty-two computers and servers through Operation Trident Tribunal has been taken in the United States, and another 25 countries - France, Germany, Latvia, Lithuania, Netherlands, Sweden and the United Kingdom on Wednesday, said the U.S. Department of Justice. As stated by law enforcement officials, criminals managed to install fake anti-virus programs on 960 thousand computers. Fake antivirus software scams the victims to reveal their credit card details for any resolution of a non-existing computer problem.

According to Microsoft, Internet Criminals are using phone calls to offer computer users free security scans and then steal personal information. Scammers pretend to be computer security experts from well-known security companies. When they call the victim, they state that users computer is at risk and then they offer a free security check. If user agrees, cyber criminals can easily steal private information such as passwords or banking information.