IT security and data protection firm Sophos have just released their ‘2011 Mid-Year Security Threat Report’ highlighting new cyber threats to businesses, governments and consumers.
Alarmingly, they are now seeing 150,000 new malware samples every day. That’s a unique file almost every half second, up 60% compared to 2010. They’ve have also seen another 19,000 new malicious URLs each day in the first half of 2011, 80% which are legitimate websites that were hacked or compromised.
Sophos has over 100 million users worldwide and a global network of threat intelligence centres. Some of the most alarming new cyber threats they have detected include:
Fake Antivirus Scams Reaping Millions
In 2010, fake antivirus was one of the more persistent threats of the year. This trend continued in the first half of 2011, with attacks now also targeting Mac users.
Here’s how it works. While surfing the web a fake anti-virus message, usually delivered via a pop-up notification, warns users that their system has a virus. These notifications appear authentic, right down to logos and certifications that the scammers have stolen from legitimate anti-virus vendors.
The pop-up urges users to get rid of the virus by purchasing antivirus software to remove the threat. Of course, paying for this software doesn’t protect you, it only pays the perpetrators. And in many cases, these cybercriminals are also installing additional malware on your machine and stealing your credit card information. The FBI recently busted one such cyber-gang who swindled nearly a million people into buying its fraudulent software, netting more than $72 million for the offenders.
Search Engine Poisoning: A Growing Gateway For Malicious Attacks
Search engine optimization, or SEO, is a standard Internet marketing technique used by most companies to draw people to their sites. But when the bad guys exploit SEO, it’s known as SEO poisoning and it is on the rise.
Cybercriminals operate this scam by using black hat SEO techniques to rank their sites highly in search engine results on Google, Yahoo and Bing. If you click on their search engine listings, you are inadvertently redirected to malicious sites that load malware such as viruses, worms or fake antivirus Trojans onto your computer.
Known as a “drive-by download,” code can also load malicious PDF and Java components to exploit potential vulnerabilities in your computer software. If the attempted exploits succeed, malware is installed on your machine.
To maximize the number of victims, the crooks jump on search terms likely to generate a lot of traffic, including terms related to rapidly breaking news stories and popular “trending” topics… To read more subscribe to the magazine today!
