'Celestial alignment' for ideal cybercrime world

Three distinct elements are currently in place for cybercriminals to thrive, but the lack of a clear monetization stream is hampering their progress, say RSA execs.

SAN FRANCISCO--The availability of high-grade Trojans, simple but easily executed distribution techniques and the bad global economy are three elements that are in "celestial alignment" today to create a cybercrime haven.

This perspective was put forth by Uri Rivner, head of new technologies at RSA, the security division of EMC. Speaking Wednesday in a presentation at the RSA Conference, he noted that security practitioners need to view the fraud environment as an "ecosystem" where cybercriminals are competing against each other in their respective specialties, rather than as individual entities.

According to Rivner, online and e-commerce fraud amounted to US$200 million in losses for affected businesses and individuals in the United Kingdom alone. In comparison, credit card fraud losses, which he described as the predecessor of online fraud, currently amount to US$1.5 billion in the same country.

Three factors driving cybercrime
On high-grade Trojans, Rivner cited studies conducted by RSA that put the Zeus Trojan as the main tool used by fraudsters to conduct online criminal activities. According to the studies, 92 percent of all Trojan toolkits used are for Zeus.

Not only are the kits easily available online and affordable, variants of such Trojans can be "created on the fly", he added.

To support his stance, Rivner showed a screenshot of a Zeus Trojan dashboard, which comprised a collection of major antivirus (AV) vendors. On the dashboard, users of the toolkit will be able to tell which AV vendor has a signature against their malware.

"With this information, Zeus users just need to click a button to create a variant, check again to see that the same AV vendor has no recognition of the new variant, and another Trojan is created," he said.

He also noted that today's Trojans do not just mine for individuals' financial information, as was the case previously; they are "stealing everything that we do", from a person's blood type to the type of partners they would like to date.

But having Trojans that can be executed well would be useless without having an effective method of distributing them, Rivner said.

Citing figures for Sinowal, he pointed to a huge spike of computers infected with this Trojan from mid-2008, which he attributed to the introduction of drive-by downloads.

An example of such drive-by downloads was musician Paul McCartney's personal Web site. His site was infected with the Trojan and anyone who visited the site would have unknowingly downloaded the same malware onto their computers, said Rivner.

Besides famous celebrities and their Web pages, social networking sites such as Facebook are another platform that cybercriminals are increasingly using to spread their malware, he added.

The global recession of the past year has also played its part in contributing to online fraud, as more cybercriminals recruit their "mules"--or Internet users who collaborate with them unknowingly--through fake company Web sites, noted Rivner.

"By calling for eligible candidates to apply for a phony position in the company and assuring them that they are joining a legitimate organization, fraudsters can make use of these people to transfer anything from money to personal information siphoned from someone else," he explained. "This is known as reshipping recruitment scams."

All of these developments, he said, point to one fact: the "battlefield" for information security has shifted from networks to its users, and as such, potentially has more wide-ranging repercussions.

Christopher Young, senior vice president of products at RSA, also noted during the presentation that by infecting employees' computers, cybercriminals can gain a foothold in the organization and swipe any information they want.

The saving grace, though, is that the monetization for all the information harvested by these online fraudsters is still "not streamlined", said Young, which gives corporations the time needed to fight back.

"This problem is now receiving board-level attention and the industry understands the need to build a new defense doctrine," he said. The call for security to be embedded into cloud computing by RSA President Art Coviello in his keynote speech on Tuesday is one example of the shift in security perspective, Young added.

Kevin Kwang of ZDNet Asia reported from the RSA Conference in San Francisco.