Cyber crooks are becoming more destructive and inventive, according to Panda Security's latest cybersecurity and vulnerability report, despite the fact that they're less skilled and technically proficient than their predecessors.
This trend, which includes a resurgence in the number of traditional viruses and adware scams infesting the Internet, can largely be attributed to do-it-yourself malware kits sold online for just a few hundred bucks that can turn anyone with opposable thumbs and an Internet browser into a botnet-building juggernaut.
"One detail that really surprised us was the seemingly low level of technical knowledge of the suspects," PandaLabs researchers said in the company's security report for the first three months of 2010. "Yet the explanation is simple: They obtained the tools they needed on the black market."
This cottage industry of what amounts to hacking-by-numbers netted thieves bank account details, stolen credit card numbers, usernames, and passwords in record numbers in the third quarter, accounting for "millions in dollars" of losses for companies and consumers.
PandaLabs' own investigation uncovered what it called a "complex network" of suppliers offering a variety of services including the hacking of servers to be used as control servers; encryption services to make malware, such as the infamous Mariposa botnet, undetectable to antivirus applications; and anonymous VPN connections to help administer the botnets.
Further down the criminal food chain exists a network of clients who rent part of the botnet to distribute spam for pharmaceuticals or other malware, or who simply go directly to the source by purchasing stolen credit card numbers for whatever nefarious purpose they choose.
Financial data theft a key target
But banker Trojans -- which mimic legitimate banking sites and capture unsuspecting users' data for their operators -- are still the malware scam of choice for most hackers, Panda said. These account for more than 61 percent of new malware in the first quarter, compared to traditional viruses, which represented 15 percent on new attacks, a marked uptick from previous quarters and years.
"The simultaneous growth in traditional virus activity is an interesting trend and we suspect this means that cybercriminals are attempting to draw the attention of antivirus laboratories away from other seemingly more harmful threats," researchers said.
"The growing prevalence of banker Trojans signals to us that online accounts for both consumers and businesses continue to be increasingly attractive financial targets for cybercriminals," Sean-Paul Correll, a threat researcher at PandaLabs, said in the report. "In addition, the widespread availability of DIY kits online has spurred new, less technical individuals into the cybercrime business as evidenced by the Mariposa case."
Earlier this month, Panda Security discovered that a new Vodafone HTC Magic smartphone was shipped with several malware strains, including the potent Mariposa botnet, a ghastly vulnerability that potentially exposed smartphone users' login credentials and other personal data before they even had a chance to infect the devices themselves.
Of course, it's impossible to conduct a security report these days without taking note of the latest scams percolating on social networking sites and attacks that combine sites, such as Facebook and Twitter with BlackHat SEO attacks to spread malware throughout entire online communities.
"Everyday more users are signing up to Facebook, Twitter, and other networks and cyber crooks are consequently finding these sites an ideal hunting ground in which to find new victims," the report said.
Panda Security also noted a sharp increase in search-engine results scams for popular terms, such as Apple's iPad, the earthquake in Haiti, and a variety of malware-laden results for searches looking for new Facebook applications.