Cyber-thieves use 'marketing-like' tactics says Microsoft

Microsoft released its latest Security Intelligence Report today, which it says highlights a "significant increase" in the use of "marketing-like" approaches by cyber-criminals.

The report found the majority of these type of criminal methods involved the use of malware. Malware is corrupt software often disguised as a marketing campaign or product promotion that looks legitimate but internet thieves can use it to trick users with pay-per click schemes, false advertisements or fake security software for sale (see our story on the first such Mac-targeted threat).  Among the key findings were:

• Vulnerabilities in applications, rather than operating systems or browsers, accounted for the majority of exploited vulnerabilities. 
• Exploitation of Java vulnerabilities increased sharply in the second quarter of 2010 and "surpassed every other exploitation category" tracked. 
• The number of Adobe Acrobat and Adobe Reader exploits accounted for most of the document-format exploits detected but the number also dropped by more than half during the year. 
• Microsoft Office exploits accounted for between 0.5 and 2.8 percent of document-format exploits detected. 
• After the takedown of servers associated with the Win32/Cutwai spambot, there was a "significant drop" in the average daily volume of messages blocked. 
• Advertisements for nonsexual pharmaceutical products accounted for 32.4 percent of spam messages blocked.
• The number of malicious phishing sites targeting gaming sites has declined, while the number of phishing sites targeting social networks increased - possibly due to the finding that phishing sites that target social networks "routinely receive the highest number of impressions per active phising site."