The majority of users are still oblivious to the fact that someone somewhere may be interested in what they are doing. They still believe that there is nothing on their computers that is of value to cybercriminals and that they are invulnerable to malware. This article takes a look at the issue from the other side, i.e. from the cyber criminals’ point of view.
Cybercrime has evolved considerably over the past few years with new technologies being created and applied. As a result, cybercrime is no longer committed by individual amateurs; it’s become a lucrative business run by highly organized groups.
It's been variously estimated that during 2005 cyber criminals made from tens to hundreds of billions of dollars, a sum that far exceeds the revenue of the entire antivirus industry. Of course, not all this money was “earned” by attacking users and organizations, but such attacks account for a significant proportion of cyber criminals’ income.
In this two-part report, the first part will examine attacks on users and the second part will discuss attacks on organizations. This first part includes an analysis of what kind of virtual property is attractive to cyber criminals and what methods are used to obtain user data.
What is Stolen
So what kind of virtual property is of interest to a cyber thief?
A study of malicious programs conducted by Kaspersky Lab virus analysts shows that four types of virtual property are most often stolen. It should be stressed that cyber scammers do not limit themselves to stealing the information listed below.
Information most frequently stolen from users includes:
- data needed to access a range of financial services (online banking, card services, e-money), online auction sites such as eBay, etc.;
- instant messaging (IM) and website passwords;
- passwords to mailboxes linked to ICQ accounts, as well as all email addresses found on the computer;
- passwords to online games, the most popular of which are Legend of Mir, Gamania, Lineage and World of Warcraft.
Later in this article (Dealing in Stolen Goods), we’ll take a look at why such data is stolen and what happens to it once it has been stolen. The following section provides an overview of how the information is stolen.
How it's Stolen
In most cases, cyber criminals use dedicated malicious programs or social engineering methods to steal data. A combination of the two methods may be used for increased effectiveness.
Let’s start by taking a look at malicious programs which are designed to spy on users’ actions (e.g. to record all keys pressed by the user) or to search for certain data in user files or the system registry. The data collected by such malicious programs is eventually sent to the author or user of the malicious program, who can then, of course, do what s/he wants with the information.
Kaspersky Lab classifies such programs as Trojan-Spy or Trojan-PSW. The graph below shows the increase in the number of modifications in this category:
Figure 1. Growth in the number of malicious programs designed to steal data