Malware, phishing sites and phony antivirus software programs are not only proliferating at a record pace but becoming more sophisticated each day — to the point that going online is now more risky than ever before.
That’s according to the latest data security report released this week by the Anti-Phishing Working Group (APWG).
The group, whose members include such big names as Microsoft, Yahoo, eBay, WalMart and EMC’s RSA security division, said in its report for the first half of 2009 that hackers and phishers have turned the Internet into the Wild West, targeting PCs, company Web sites and mobile devices with scams that are as creative as they are destructive to personal and corporate data security.
“The Internet has never been more dangerous,” said APWG chairman David Jevans. “In the first half of 2009, phishing escalated to some of the highest levels we’ve ever seen. Of even greater concern is the skyrocketing sophistication and proliferation of malicious software designed to steal online passwords and user names.”
The report (available here in PDF format) found that the number of detected malicious anti-malware programs and fake security software applications that actually infect user machines surged up 585 percent between January and the end of June.
New phishing Web sites detected in June rose to 49,084 — the most since the 55,643 sites discovered in April 2007 and the second-highest number recorded since APWG began reporting on phishing sites. The number of hijacked brands and Web sites an all-time high of 310 in March.
APWG researchers working at Panda Labs’ research lab counted more than 152,000 different strains of bogus anti-malware apps in June, up from slightly more than 22,000 such applications in January.
The number of compromised PCs also continued soaring. The report found that more than 11.9 million computers were infected in the first half of this year, up a staggering 66 percent from the same period last year.
Things are so bleak that APWG decided to create a new metric, using data collected by security software vendor Websense, to measure the growth of three separate categories of sophisticated malware.
Those include one category it calls data stealing and generic trojans, consisting of malware that sends information from an infected machine, controls the machine and opens backdoors on it. That’s become a major threat to online activity: Researchers have suggested that hacked PCs aren’t just giving criminals access to user data — They’re being used in botnets that are responsible for the vast majority of all spam.
The group also singled out “crimeware,” which is code designed to attack the data held by financial institutions. And then there’s “Other,” which is defined as commonly auto-replicating worms and dialers for telephone chargeback scams.
“Due to evolution of attack sophistication, it is becoming increasingly difficult to separate and report on attacks that are specifically designed to steal customer banking information,” Dan Hubbard, Websense’s CTO, said in the report. “Additionally, attacks that only for credentials from popular social networking, Web mail and gaming sites can lead to attacks for banking theft and crimeware.”