The most successful attacks of 2009, as in previous years, required a successful social engineering component at one stage of the attack or another. For instance, fake antivirus scams exploit common security fears, while fake code malware teases individuals to the point where they lack the patience to really think about what they are being asked to do.
In addition, death, disaster and drama have become hugely effective vehicles for spreading malware. These tactics are explored in more detail below.
As part of a comprehensive review of 2009, Blue Coat Systems has compiled this list of the most common (and successful) bait and scams the bad guys are using to install malware on unsuspecting users’ systems and steal personal information.
In 2009, the deaths of Michael Jackson, Farrah Fawcett, Patrick Swayze and other celebrities were all exploited by spammers, phishers and scammers alike. Fake video clips of funerals, the concert Michael Jackson was working on when he died, or other ‘exclusive’ content were used to trick users into downloading malware. Fake antivirus attacks were also added to the mix. And while Michael Jackson’s death may have had global appeal, events around regional celebrities were also leveraged in targeted attacks.
Natural disasters, such as the devastating earthquakes in Haiti and Chile in early 2010, are often used in fake disaster relief scams. But in 2009, few natural disasters attracted global interest, so cybercriminals launched more targeted campaigns focused on regional events. Manmade disasters were also exploited in a number of Web-based attacks. One scam claimed to have recovered $1.3 billion in funds hidden by convicted Ponzi schemer Bernard Madoff. The site asked victims to submit personal information to verify their entitlement to a refund – a shameless effort to further exploit victims of financial fraud. During periods of slow disaster news, cybercriminals repurposed older disasters, such as 9/11, by driving users to ‘commemorative’ sites that doubled as a fake antivirus attack.
In 2009, there was no shortage of high-profile drama. Serena Williams’ outburst at the U.S. Open and publicized indiscretions of Tiger Woods were both leveraged quickly through poison search attacks and other activities. These searches often led to a fake virus warning and product offer. Also, the tremendous success of the Twilight books and movie fueled fake video clips timed with the movie’s release.
Today’s cybercriminals are extremely flexible. In addition to exploiting death, disaster and drama, they can target holidays and seasonal events with specialized messaging. For example, search engine manipulation techniques are especially effective during key shopping seasons, such as Christmas. Fake antivirus offers are also more successful during back-to-school season or other major computer buying times, when consumers may be more susceptible. Fake video codecs also spike during major sporting events.
The ‘Canadian Pharmacy’ was one of the top Internet scams of 2009. Interestingly, it was also one of the most prevalent e-mail spam campaigns. Users typically found the site after receiving an e-mail or while researching a new drug, perhaps one prescribed by their doctor or denied by insurance. Sites would appear on short-lived URLs, shifting rapidly to avoid being detected in spam filters or blocked by database-driven URL filters. Many of these sites operated outside of North America and primarily conducted the transactions without using the SSL security most legitimate companies use for financial transactions. Users who submitted payments through these malicious sites either received a different product, a placebo or no product at all. This is also an example of the trend towards greater complexity in blended threats. Some of these scam sites have been linked to distributing credit card and other personal information gathered during the transaction process. Many also launch malware known as Trojan ‘droppers’ onto the PCs of visitors. The ‘Canadian Pharmacy’ has been a very successful campaign, so cybercriminals have applied it to a variety of attacks.
Given the 2009 global economic downturn, it should not be surprising that financial scams remain very successful, and that they come in a variety of flavors. In 2009, the ‘Get rich quick using Internet sales’ theme was the specific angle most often used. These scams often piggybacked on the marketing messages of real companies like Google, which offer genuine programs to make it easier for people to move their business online. Scam e-mails and Web sites applied similar messaging to their campaigns, which made them appear legitimate.
‘Cheap stuff’ scams were also very prevalent in 2009, appealing to people looking for expensive products at a low price. Watches were the most common products offered, but many other designer products have been used as well. The logistics behind these sites are similar to the Canadian Pharmacy: they move around frequently and fail to use secure communications for financial transactions. And, of course, the customer faces similar risks, such as receiving no product at all, identity and credit card theft and malicious downloads.
‘Work from home’ offers targeted the increasing number of unemployed people in 2009, as well as those in need of additional income. Mortgage-related scams also increased as interest rates dropped. These scams enticed existing homeowners with fake refinancing options to help them lower their payments or credit card offers with higher limits or lower interest rates. Some of these scams targeted new and first-time homebuyers.
‘Bankruptcy’ scams targeted those who felt they were beyond the help of getting rich quickly, working from home or refinancing their mortgage. In addition to bankruptcy scams, ‘FOREX Currency Trading’ also targeted financially desperate people with ‘get rich quick’ or ‘work from home’ offers, and grew tremendously throughout 2009.