In the third issue of its Cybercrime Intelligence Report for 2009, Finjan shows how cybercrooks used a combination of Trojans and money mules to rake in hundreds of thousands of Euros and to minimize detection by the anti-fraud systems used by banks. After infection, a bank Trojan was installed on the victims’ machines and started communication with its Command & Control (C&C) server for instructions. These instructions included the amount to be stolen from specific bank accounts and to which money mule-accounts the stolen money should be transferred. The use of this Anti anti-fraud method signals a new trend in cybercrime.
During the first half of 2009 Websense Security Labs discovered:
-233% growth in the number of malicious sites in the last six months and a 671% growth during the last year.
-77% of Web sites with malicious code are legitimate sites that have been compromised.
-95% of comments to blogs, chat rooms and message boards are spam or malicious.
-57% of data-stealing attacks are conducted over the Web.
-85.6% of all unwanted emails in circulation contained links to spam sites and/or malicious Web sites.
A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab: