Password, ID Stealing Malware Volume Jumps 400%

By Lawrence Walsh  |  Print this article Print


Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers

Malware such as Clampi and Sinowal that steal passwords and authentication credentials are becoming far more common and dangerous. They are increasingly more adept at avoiding detection by conventional security measures and more able to defeat security precautions to prevent data theft. This threat will require all organizations with sensitive data to think beyond antivirus and firewalls.

Clampi, the Trojan that Secure Channel wrote about yesterday, is a fine example of why we’ll never see another Code Red, Nimda or LoveLetter virus again. The intent of malware is no longer to cause mass service disruptions, but rather to steal as much information as possible without getting detected.

Trojans, worms, viruses and rootkits the likes of Clampi, Sinowal and StealthMBR are now the masters of the malicious code. McAfee’s Avert Labs released a new report that shows the volume of password-stealing and keystroke logging malware jumped nearly 400 percent between 2007 and 2008. McAfee’s prediction: the trend will continue to expand in both volume and scope. This trend will force organizations handling even routine data to think beyond conventional antivirus applications and perimeter firewalls for their security.

Hackers have long used social engineering techniques, phishing (mass mailings) and spear-phishing (targeted mail attacks) to trick users into giving up sensitive information. McAfee concludes that these techniques’ effectiveness is limited since they don’t capture nearly enough account credentials for trading.

Database attacks such as those against TJX and Heartland Payment Systems that resulted in tens of millions of credit card numbers being compromised are effective in capturing large amounts of financial and identity data, but also carry a high degree of risk.

Sophisticated malware designed to observe and report are far more effective ways of intercepting user credentials for banking and credit card accounts, and—in some cases—hijacking live sessions. Credential stealing malware will use spam, phishing and compromised web sites to transparently infect machines.

Making matters worse, malware like Clampi and Sinowal no longer collect data globally, but rather target applications and subroutines to steal specific bits of information. Older generations of data-stealing malware made a lot of noise by infecting operating systems and hooking into APIs. They collected copious amounts of data this way, which made them susceptible to detection by host-based intrusion detection/prevention applications. By targeting specific applications and data sets, the malware lowers its profile to avoid detection by conventional security scanners and analyzers.

>> Click here to read the full report and join the discussion on the "Secure Channel" blog


Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...