E-crime gangs turn to expanded extortion model

A new report by the APWG reveals that e-crime syndicates are expanding conventional, email-based phishing campaigns and their target base, as the report returned record highs for the number of submitted phishing reports and the number of phishing websites detected – as well as a new record for the number of brands hijacked in phishing campaigns.

Furthermore, syndicates employing rogue anti-malware programs have turned from mining personal financial data with these crimeware programs to an extortion model in which the attackers demand ransom for unlocking a PC that has been infected with so-called ransomware code masquerading as anti-virus software.

APWG Secretary General Peter Cassidy said, “Electronic crime gangs are working harder and smarter in most every dimension that we probe. In this report, we see syndicates deploying ever larger numbers of phishing mails and phishing websites, attacking a record number of brands – and expanding an apparently profitable criminal business model to a much larger scale of distribution.”

The APWG report, combining data from APWG members MarkMonitor, Websense and Panda Security with the APWG’s own statistics, found that:

  • The number of unique phishing reports submitted to APWG for Q3, 2009 reached a record 40,621 in August – 10 percent more than the previous record in September, 2007.
  • The number of unique phishing websites reported reached a record 56,362 in August, displacing the previous reported high of 55,643 in April, 2007 by 1.3 percent.
  • The number of hijacked brands rose to a record 341 in August, up more than 10 percent from the previous record of 310 in March 2009.
  • The number of detected rogue anti-malware programs – fake security software that actually infects computers to animate assorted electronic crimes – fell by nearly 60 percent between June and July of 2009, as e-crime gangs turned away from massive distribution schemes that used this kind of crimeware to mine personal data from PCs and toward an apparently more successful ransomware model that requires less aggressive circulation to return optimal profitability.
  • In addition, the number of unique brand-domain pairs rose to an all-time high of 24,438 in August, increasing more than 8 percent from the previous high of 21,085 in June 2009.

Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, said, “Unlike banking Trojans, where cybercriminals have to infect a PC, steal data, etc., a rogueware attack simply fools a user into paying for worthless software – or forcing them to make a ransom payment. The user is the one willing to pay in order to ‘disinfect’ their PC – or free it from a cybercriminal’s control.”

Other highlights of the Q3, 2009 Phishing Activity Trends Report include:

  • Financial Services rose back to the top of the most targeted industry sectors in Q3 after being displaced by Payment Services in Q1 & Q2 of 2009.
  • Over the quarter, the proportion of crimeware-specific malware (malicious code designed specifically against financial institutions’ customers) remained consistent, while data-stealing malware rose.
  • The total number of infected computers dropped to 11,001,646 in Q3, representing more than 48 percent of the total sample of scanned computers.

The results of the Q3 report are of grave concern to the global membership of the APWG and the research centers, treaty organizations, law enforcement agencies, government agencies and industry associations with which the APWG corresponds.

The full report is available here.
