Sophisticated campaign tracking and dramatically increased use of social networking technologies, such as Facebook and Twitter, were two of the top trends in cybercrime in 2009, according to a new report released Tuesday.


Criminal attacks using social networking sites increased by 500 percent between 2008 and 2009, according to the Blue Coat Web Security Report for 2009, by application delivery network provider Blue Coat Systems. That makes those sites the top focus for cybercriminals’ activities.

“Ever since the ILoveYou virus, the average user has known that e-mail can be dangerous,” Chris Larsen, senior malware researcher and engineer for Blue Coat Systems, told eSecurityPlanet.com. “People know to be careful with e-mail.”

But while users have learned to be careful with e-mail, many still haven’t made the connection that links or attachments in forum posts, Facebook pages, and tweets carry the same risks as links and attachments in e-mail.

“They’re used to thinking of their forum or their Facebook page as a trusted, friendly place,” Larsen said.

Users’ cavalier attitudes toward content on social networking sites are not the only reason criminals target such services; criminals can target many more victims through social networking technologies. According to Nielsen Co., in August 2009, 276.9 million people used e-mail in the US, several European countries, Australia and Brazil. In the same period, the number of users of social networking and other community sites was 301.5 million. In other words, there are ten percent more users of social networking and community sites than users of e-mail in the countries studied.

“Cybercriminals closely followed 2009 Web surfing trends looking for opportunities to exploit them,” the Blue Coat report noted. “As a result, social networking sites and services like Facebook and Twitter, Web-based business services from Google and social networking and smart phone apps have all been targets for attack. In fact, the app market as a whole, which is still emerging and largely unregulated, is fertile ground for criminal activity. For instance, malicious apps disguised as gaming apps have already hit the market. What’s worse, many companies sell untested apps in their online stores, leading customers to believe these products are reliable and legitimate.”

Blue Coat said that many of the attacks using social networking services can be attributed to a loose social environment in which users identify complete strangers as “friends” with few or no qualifications. In December, British security and data protection firm Sophos reported that it had conducted a probe that showed 46 percent of Facebook users were willing to befriend complete strangers and thus hand over personal information.

“As with so many successful Internet attacks, the primary security breach starts with an individual user who unintentionally opens the door to attack,” the Blue Coat report said.

Online criminals and their crimes are also becoming ever more sophisticated. The image of the lone hacker persists in the popular consciousness, but today’s cybercrime is big business and largely the province of organized crime.

“We’re definitely up in the hundreds of millions of dollars and I’ve seen estimates up in the billions for computer fraud,” Blue Coat’s Larsen said.

Larsen added that criminal organizations are using sophisticated marketing-like techniques to measure the effectiveness of their “campaigns” and optimize search terms.

“Everything has an affiliate code these days,” Larsen said. “They want to know which things are successful, which search terms, which bait pages.”

Larsen noted that the Zeus Trojan horse, which criminal organizations can buy as a package in underground forums, includes Web traffic analysis tools that rival or exceed the tools available to legitimate companies.

The threats themselves are also growing more sophisticated. Unlike the massive, single-purpose viruses of a decade ago, Blue Coat said today’s attacks involve thousands of similar, but slightly different threat components that rapidly adapt to thwart security measures. They are viruses, Trojans and other programs combined to form “blended threats.” Fake antivirus and fake video codecs remain the most popular vectors for attacks.

“Blended threats grew faster in 2009 than in any previous year,” Blue Coat’s report said. “In one type of attack, dozens or even hundreds of Web sites are created, some to serve as phishing sites, some to deliver multiple and different forms of malware, some appearing as fake search results, and others are simply bait pages. Bait pages are designed to attract visitors by giving the appearance of legitimacy by including semi-legitimate content and cross-referencing each other. Otherwise known as ‘link farms,’ this level of blended attack first appeared in late 2008, but matured in 2009.”

Blue Coat noted that IT organizations’ best bet for combating these threats in 2010 and beyond is to implement real-time antivirus and Web filtering, together with a cloud service that can respond in real time without manual updates. It also suggested that IT organizations focus attention on security for mobile and remote workers, who often operate outside the corporate network.

Thor Olavsrud is a former senior editor of InternetNews.com and has covered operating systems, standards, and security, among other things.