Password, ID Stealing Malware Volume Jumps 400%

Clampi, the Trojan that Secure Channel wrote about yesterday, is a fine example of why we’ll never see another Code Red, Nimda or LoveLetter virus again. The intent of malware is no longer to cause mass service disruptions, but rather to steal as much information as possible without getting detected.

Trojans, worms, viruses and rootkits the likes of Clampi, Sinowal and StealthMBR are now the masters of the malicious code. McAfee’s Avert Labs released a new report that shows the volume of password-stealing and keystroke logging malware jumped nearly 400 percent between 2007 and 2008. McAfee’s prediction: the trend will continue to expand in both volume and scope. This trend will force organizations handling even routine data to think beyond conventional antivirus applications and perimeter firewalls for their security.

Hackers have long used social engineering techniques, phishing (mass mailings) and spear-phishing (targeted mail attacks) to trick users into giving up sensitive information. McAfee concludes that these techniques’ effectiveness is limited since they don’t capture nearly enough account credentials for trading.

Database attacks such as those against TJX and Heartland Payment Systems that resulted in tens of millions of credit card numbers being compromised are effective in capturing large amounts of financial and identity data, but also carry a high degree of risk.

Sophisticated malware designed to observe and report are far more effective ways of intercepting user credentials for banking and credit card accounts, and—in some cases—hijacking live sessions. Credential stealing malware will use spam, phishing and compromised web sites to transparently infect machines.

Making matters worse, malware like Clampi and Sinowal no longer collect data globally, but rather target applications and subroutines to steal specific bits of information. Older generations of data-stealing malware made a lot of noise by infecting operating systems and hooking into APIs. They collected copious amounts of data this way, which made them susceptible to detection by host-based intrusion detection/prevention applications. By targeting specific applications and data sets, the malware lowers its profile to avoid detection by conventional security scanners and analyzers.

>> Click here to read the full report and join the discussion on the "Secure Channel" blog