According to Kaspersky Lab, July’s malicious activity shows that cybercriminals are targeting mobile devices in order to intercept one-time transaction passwords. Hackers are also stealing frequent flyer miles and using them to buy tickets or for other fraudulent activity.
July in figures
The following statistics were compiled in July using data from computers running Kaspersky Lab products:
· 182,045,667 network attacks blocked;
· 75,604,730 attempted web-borne infections prevented;
· 221,278,929 malicious programs detected and neutralised on users’ computers;
· 94,004,507 heuristic verdicts registered.
This is how the situation looks when compared to June:
Mobile versions of Trojans
As protection of online banking security continues to develop, cybercriminals are increasingly supplementing spy Trojans operating on users’ computers with mobile modules so they have a better chance of stealing money from the victims’ bank accounts.
A new version of the mobile spy Trojan ZitMo, detected in July, is capable of stealing mTAN codes: one-time passwords used when performing a remote transaction and sent to the bank customer via SMS. ZitMo, the mobile version of the notorious ZeuS Trojan, has already been detected running on Symbian, Windows Mobile and BlackBerry platforms, and it has now added Android devices to its list.
If a user’s computer is infected with ZeuS, and the mobile phone is infected with ZitMo, the cybercriminals gain access to the victim’s bank account and can intercept the one-time transaction password sent by the bank to the user. In this case, even authentication using mTAN codes cannot prevent the victim’s money from being stolen from their bank account.
It’s not only antivirus vendors who give cybercriminals a hard time. Last month Google excluded more than 11 million URLs with *.co.cc addresses from its search results. The ‘blocked’ domain zone is among the largest globally, ranking fourth after .com, .de and .net in terms of registered domain names. In most cases the domain’s URLs are used by cybercriminals to spread rogue antivirus programs or conduct drive-by attacks. However, it is difficult to say how successful Google’s campaign has been – there are indeed fewer cybercriminals using the .co.cc domains, but they have merely started using the services of other domain zone registrars.
Once again our prediction that 2011 would be the year that cybercriminals target absolutely any kind of data has proved only too true. In July, the experts at Kaspersky Lab uncovered an interesting development – Brazilian phishers have started stealing the ‘miles’ accrued by frequent flyers. Not only are they using them to buy tickets but also as a form of currency. In one IRC message, a cybercriminal was selling access to a Brazilian botnet that sends spam in exchange for 60,000 miles, while in another message air miles were offered for stolen credit cards.
Drive-by-download attacks remain one of the most popular methods of infecting users’ computers with malicious programs. Every month new entries that facilitate such attacks – redirectors, script downloaders and exploits – appear in the Top 20 malicious programs on the Internet. There were a total of 11 in July.
More detailed information about the IT threats detected by Kaspersky Lab on the Internet and on users’ computers in July 2011 is available at: www.securelist.com/en.