Report: 31.6 million new phishing schemes in first half 2007

Posted by Rick C. Hodgin

San Francisco (CA) and London (England) - Microsoft released a research study yesterday which demonstrates just how under attack we are in cyberspace.  During the first half of 2007 alone, 31.6 million phishing scams were identified, up 150% from the previous six-month period.

The study also identified a whopping 500% increase in trojan downloaders and droppers.  These are malicious programs used to install trojans, password stealers, keystroke loggers, and other data-gathering software on a user's system.  Microsoft specifically noted two families of trojans which are removed by the Microsoft Malicious Software Removal Tool.  These targeted banking information and attempted to steal data.

The study indicates that attackers today are more interested in obtaining personal information, even resorting to extreme social engineering measures to obtain it.  One security firm researcher said, "Personal information is the currency of crime..."  For example, an attacker may pose as a friend that you don't seem to recall.  They might even have specific information about which websites you were on recently.  This information can be obtained in one of two ways.  The first is through some type of trojan or bot which reported it to them.  The other popular way is by not actually knowing anything about you, but rather using statistics developed from various types of user profiles which might be similar to yours, thereby attracting your interest.  These often come in the form of several different types of emails from the same attacker organization, though each appears to be independent.  You may not speak to "George Smith," but you might speak to "Jenna Jones," especially if she's speaking about something you're interested in.

Microsoft's research study provides data which sizes up the scope of the threat, and some simple ways to help in defeating it.  The study shows that one solution is found through a closer marriage of security firms, users and related privacy functions.  For example, 74% of those companies that said they did not have a close relationship between security and privacy admitted to some attacks.  Only 29% of those that had close relationships reported the same.  In addition, tools which work cooperatively at the OS level with security software, like Microsoft's Malicious Software Removal Tool program, are capable of removing the software side of the problem.  It's still the human component which must be worked with to achieve larger success.
