'Crimeware-as-a-Service' Fuels New Security Threats, Warns Report

“Crimeware-as-a-Service” is fueling the rapid development of sophisticated new threats, finds a report from CA Technologies.

Nearly two billion people today use the Internet to conduct business, communicate with family and friends, stay-in-touch with current events and entertain themselves – and in doing so, expose themselves to an extensive and growing number of malware threats.


In the State of the Internet 2010: A Report on the Ever-Changing Threat Landscape report, researchers identify more than 400 new families of threats--led by rogue security software, downloaders and backdoors.  Trojans were found to be the most prevalent category of new threats, accounting for 73% of total threat infections reported around the world. Importantly, 96% of Trojans found were components of an emerging underground trend towards organized cybercrime, or “Crimeware-as-a-Service.”


“Crimeware isn't new, but the extent to which a services model has now been adopted is amazing,” said Don DeBolt, director of threat research, Internet Security, CA Technologies. “This new method of malware distribution makes it more challenging to identify and remediate. Fortunately, security professionals and developers are diligent about staying one step ahead of these cyber criminals.”


The most notable threats and trends of 2010 to-date include: rogue or fake security software, crimeware, cloud-based delivery, social media as crimeware market, spamming through instant messaging (SPIM), and email spam. Interestingly, the report witnessed Mac-related security threats including traffic redirection, Mac OS X ransomware ‘blocker’ and notable spyware ‘OpinionSpy’.


CA urges users to be security-aware when accessing information via the Internet and have provided the following security tips to help ensure safe computing, including:


1.     Do NOT open email from people you don’t know. Think twice and verify before clicking a URL or opening an attachment.

2.     Implement a strong password that you can remember.

3.     When conducting online banking or financial transactions, make sure your browser connection is secure.

4.     Encrypt online communication and confidential data.

5.     Back up your important data. Keep a copy of all your files and store them separately.

6.     Be cautious about instant messaging. Avoid chatting with people you don’t know.

7.     Protect your identity while enjoying online social networking activities. Be wary of clicking links or suspicious profiles. Be aware when installing extras such as third party applications; they may lead to malware infection, or attackers could use them to steal your identity.

8.     If you are using Adobe PDF Reader, prevent your default browser from automatically opening PDF documents.

9.     Check for and install security updates regularly.






Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern