By Kevin Voigt, CNN
December 13, 2009 10:25 p.m. EST
- The past 12 months have been a banner year for cybercrime
- 87 percent of e-mail traffic the past year was spam
- Analyst: “The way it’s trending now, the Web could be so full of rubbish that people won’t trust it.’
(CNN) — The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce.
“At current trends, in three or four years people will start to think twice about transacting on the Web, individuals and businesses,” said Michael Fraser, director of the communications law centre at the University of Technology Sydney.
“The way it’s trending now, the Web could be so full of rubbish that people won’t trust it,” Fraser said. “That could destroy the potential of the whole knowledge economy, which so many developed economies are counting on for the competitive advantage.”
According to antivirus maker Symantec, 87 percent of e-mail traffic in the past year was spam, compared to just under 70 percent in 2008. More than 40 trillion spam messages were sent according to Symantec, which monitors about a third of the world’s e-mail traffic. That’s about 5,000 spam messages for every person on the planet.
More of that spam is harboring malicious software, or “malware,” — 2 percent of spam contained malware, a 900 percent increase from the previous year.
Video: Shopping safely online
Malware comes in a variety of forms that can search computers for bank information and personal details for identity theft, or hijack computers to become foot soldiers in a spamming army of zombie “botnets” — often unbeknownst to the owner. In Australia alone, an estimated 10 percent of computers are infected with malware, Fraser said. “And we’re relatively low because we have less (broadband penetration) than many other countries,” he said.
The past year saw an explosion of individuals on social networking sites such as Facebook having their accounts compromised and spam being sent to friends within their network.
In this way, cyber criminals have made the attacks more personal because they are sending out messages appropriating victims’ names, says Marian Merritt, an Internet safety advisor for Norton, the antivirus brand produced by Symantec. “In the past, people felt annoyed by spam, they didn’t really feel a sense of being attacked,” Merritt said. “But if your Facebook account is hacked, it’s embarrassing.”
The past year has seen the rise of “scareware” — malware that parrots a legitimate antivirus software program and then infects the computer with “the very malware it purports to protect against,” a Symantec report said. For a 12-month period ending June 30, Symantec received 43 million reports of scareware installation attempts.
“That took a lot of us in the industry by surprise the past year,” Merritt said. “You get a pop-up ad saying, ‘you have multiple viruses’ then asks you to download the antivirus software. Once you download those programs, they hold you hostage.”
The speed of news
The past year saw the rising speed and popularity of malware spam and Web sites with touts related to current events and celebrity news. “Who killed Michael Jackson?” “Get swine flu medicine here” and “Full eBook Harry Potter” were some popular online traps to open dangerous e-mail attachments or be directed to Web sites’ malware.
“If you want to know what spam will be hitting tomorrow, look at Google Trends today,” said Merritt, referring to Google’s site that shows hot topics and searches by its users.
One of the most alarming incidents in 2009 for governments and policy makers was the July 4 attacks on U.S. government sites, such as the White House, the New York Stock Exchange and Nasdaq — followed a few days later by similar attacks on Web sites in South Korea. According to a research paper by antivirus maker McAfee, both attacks were made by the same “botnet” of 50,000 computers, which spammed targets with so many e-mails their IT systems were overwhelmed.
— Have antivirus software, anti-spyware and firewall
— Never respond to spam
— Don’t open suspicious emails or attachments
— Never provide passwords or personal information to unsolicited emails or Web sites
— When asked to ‘allow’ or ‘deny’ an application access to the Internet, choose deny unless you are confident in the safety of the site you are accessing
— When shopping or banking online, make sure website contains an “s” after http (as in https) . Look for the ‘lock’ icon in lower right corner
Sources: Symantec and Trend Micro
North Korea was suspected as the originator of the attack, leading Dmitiri Alperovitch, vice president of threat research at McAfee, to suggest one motivation of the attack “could have been to test the impact of flooding South Korean networks and the transcontinental communications between the U.S. government … (which) would provide them with a significant advantage in case of a surprise attack.”
The attack highlights the problem of security on the Internet — a transnational attack, using commercial services and tens of thousands of personal computers. To fight the attacks would take strong local and international laws on cyber security, a great deal of cooperation among commercial providers and effective systems to report the crimes — none of which is happening today, Fraser said.
“The community doesn’t know where to turn to when these crimes occur, and the police don’t know how to report it or record it, and prosecutors and court systems have a hard time coping with cases that involve gigabytes of evidence,” he said.
Looking ahead to 2010, antivirus maker Trend Micro predicts that there will be more attacks on Mac operating systems. Previously ignored by malware makers because of its relatively low market share, the booming popularity of iPhones is drawing the attention of cybercriminals.
“As the mobile OS landscape changes, and with devices comprising a huge amount of memory and storing a host of sensitive data, devices such as the iPhone and Google Android may increase as popular targets for bad guys,” Trend Micro reports in its December report, “the Future of Threats and Threat Technologies.”
The introduction this year of domain names in languages other than English — such as Russian, Chinese and Arabic — will also expand the hunting grounds for cyber crime, Trend Micro reports.