Cyber-crooks are using new technologies and reinventing forms of social engineering to ensnare consumers and businesses, security experts warn.

Trend Micro's latest Threat Roundup and Forecast 1H 2008 found an upswing in web threats, but a steady decrease in adware and spyware generated by outdated methods which can no longer compete with high-level security.

Social engineering tactics such as the Nigerian phishing scam have been around for decades, and cyber-criminals continue to refresh and modernise this form of trickery based on the latest trends.

For example, the tools and technologies used to create the interactive nature of popular social networking sites have become a landmine for cybercrime.

In March, Trend Micro discovered that over 400 kits designed to generate phishing sites were targeting top web 2.0 sites, free email service providers, banks and popular e-commerce sites.

Malware variants have generally been treated as separate individual threats. But today, profit-motivated web threats blend various malicious software components into a single web threat business model.

For example, a cyber-criminal sends a message (spam) with an embedded link in the email (malicious URL) or contained in an instant message.

The user clicks on the link and is redirected to a site where a file (Trojan) automatically downloads onto the user's computer.

The Trojan then downloads an additional file (spyware) that captures sensitive information, such as bank account numbers (spy-phishing).

Although seemingly one incident, blended threats are much more difficult to combat and much more dangerous for the user, Trend Micro warned.

Meanwhile, the 'fast-flux' technique is an additional example of criminals abusing technology developments.

Fast-flux is a domain name server switching mechanism that combines peer-to-peer networking, distributed command and control, web-based load-balancing and proxy redirection to hide phishing delivery sites.

Fast-flux helps phishing sites stay up for longer periods to lure more victims. For example, researchers are challenged to identify malicious Storm domains because developers are using fast-flux techniques to evade detection.

Trend Micro witnessed a dramatic increase in web threat activity during the first half of 2008, with web threats peaking in March at 50 million from approximately 15 million in December 2007.

On the decline are adware, trackware, keyloggers and freeloaders. In March 2007, Trend Micro found that approximately 45 per cent of PCs were infected by adware; by April 2008, only 35 per cent were reportedly infected.

In May 2007, approximately 20 per cent of PCs were infected by trackware, but that number had dropped to less than five per cent in April 2008.

Keyloggers also showed a small but steady decline with less than five per cent of PCs being infected.

Further reading:
More stories on these topics: Security:
Permalink  Comments  Forward
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Computing editor at feedback@computing.co.uk
Reader comments for this story
Post your comment Post your comment   What is this?
Like this story? Spread the news by clicking a link:   Post this to Delicious del.icio.us     Post this to Digg digg this     Post this to reddit reddit!

related content
latest news
A VirginTrain
Communications
BulletVirgin Wi-Fi is hit by delays
Onboard web service due to arrive in 2007 is behind schedule  21 Aug 2008
NHS procedure
Public Sector
BulletConservatives seek "vision" for NHS IT policy
The British Computer Society will conduct an independent review of NHS IT policy  21 Aug 2008
crowd of people
Public Sector
BulletGovernment urged to scrap paper census
Better public sector data sharing would provide all the necessary information, says think tank  21 Aug 2008
Click here for more More news
latest in depth
EU flags
Public Sector
BulletData retention plans draw further criticism
Privacy fears over directive that will allow organisations to view emails, texts and web use  21 Aug 2008
Men using mobile phones
Management
BulletIT staff survive credit crunch
Firms recognise need for IT ­ – but staff must keep skills up to date  20 Aug 2008
Oyster card
Public Sector
BulletMixed reaction to decision by TfL to end Oyster contract
Transport for London cuts its ties with the TranSys consortium and begins plans for its replacement  21 Aug 2008
Click here for more More in depth

Advertising Marketplace

Sponsored links

Featured jobs

IT Business Analyst
Leek Wootton, United Kingdom | Warwickshire Police
 IT Business Analyst - Leek Wootton, Warwickshire - £29,112 - £31,491 PA - 37 hrs per week   Everyone who works for Warwickshire Police helps to protect our communities from harm. Work with us and ... more >
Senior Programmer
London, United Kingdom | British Museum
Senior Programmer - The British Museum - £40k+ - London   Although steeped in history, the British Museum is constantly striving to improve access to and understanding of one of the world's most diverse collections of antiquities from cultures ... more >
Netcool Designer / Engineer
Reading, Berkshire, United Kingdom | EDS
Job Title Netcool Designer / Engineer Location Reading Short Description: DII The DII project is contracted to supply both hardware and software infrastructure solutions to support the MoD transition to a common base solution, based ... more >
IT Development Manager/Project Manager
Guildford, Surrey, United Kingdom | Enstar
 IT Development Manager/IT Development Project manager - Guildford - £40k - £60 plus benefits   Enstar (EU) Limited (formerly Castlewood (EU) Limited) is seeking an IT Development Project Manager and an IT Development Manager to ... more >
Click here for more  More job opportunities