Behind the scenes: Symantec's malware battle
By by Asavin Wattanajantra,
Social Engineering
Another clear new trend is that rather than malware getting more complex, it was more the case that criminals were finding different and unique ways to infect users, using social engineering techniques. The work for criminals now was in finding new ways for users to download and install the malware, such as in using personal details taken from places such as Facebook, MySpace and even Google.
"It's not the technology," Hogan said. "Malware is downloaded by social engineering means. It is the most efficient way of getting it into people's systems."
The social engineering focus means that the technical aspect of the threats wouldn't change much in the future, he said. "Criminals don't need to know the code, they just need the applications. I think we'll see minor changes but from a technical perspective much won't change. It'll be the social engineering which will lure the victims."
Silentbanker
Symantec's engineers gave an example of malware they had had seen called 'Silentbanker'. This was a Trojan which targeted 400 banks worldwide and intercepted web traffic before it left browsers such as Internet Explorer and Firefox.
The way it worked was that it employed various ways to find what they needed to access money which usually meant the victim's username, password or a PIN. It had various ways of doing this, one of which was called credential stealing. This involved the Trojan creating HTML code which matched what was on the banking website, and asking for personal details. In other words, it relied on human failures as well as technological ones.
Chopped bodies
Symantec said it didn't usually focus much on the motivations of the criminals, such as whether it was for financial gain or an act of vandalism. Hogan compared their investigation of a malware affected user to that of a murder: "We've found a chopped body. We look at what killed it rather than the motive [of the killer]."
And with the current IT security situation, there's an increasing number of chopped bodies lying around.
IT PRO put the question that maybe it was a good thing for them that there was a lot of IT threat out there as indeed, it kept them in good business. Hogan laughed and said: "Computers will always be around and data will always need protection. There is more than enough to deal with now than we can actually cope with."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security News
Macs and Android under malware threat
McAfee's Threats Report suggests there could soon be 100 million malware samples in the wild, with non-Windows platforms accounting for much of the growth.
Latest Security Tutorials
How to protect a group of office PCs from viruses
Safeguarding multiple office computers from malware doesn't have to be difficult or expensive, as Simon Edwards shows in our step-by-step guide.
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- ICO: Fines for cookie law breakers
- Hutchison denies it will pull plug on Three UK
- Sony Vaio T13 Ultrabook review: First look
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
- Facebook floatation marred by Nasdaq glitch
- Open source software driving cloud-based innovation
- CIO: Career is over?
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell PowerEdge R820 review
Latest Analysis & Insight Videos in Security
Why security should top the cloud agenda
PlaySecurity should always be paramount in business, but with a cloud based infrastructure it’s arguably even more important. Steve Cassidy and...
