Cyber-thieves use 'marketing-like' tactics says Microsoft
Microsoft released its latest Security Intelligence Report today, which it says highlights a "significant increase" in the use of "marketing-like" approaches by cyber-criminals.
The report found the majority of these type of criminal methods involved the use of malware. Malware is corrupt software often disguised as a marketing campaign or product promotion that looks legitimate but internet thieves can use it to trick users with pay-per click schemes, false advertisements or fake security software for sale (see our story on the first such Mac-targeted threat). Among the key findings were:
- Vulnerabilities in applications, rather than operating systems or browsers, accounted for the majority of exploited vulnerabilities.
- Exploitation of Java vulnerabilities increased sharply in the second quarter of 2010 and "surpassed every other exploitation category" tracked.
- The number of Adobe Acrobat and Adobe Reader exploits accounted for most of the document-format exploits detected but the number also dropped by more than half during the year.
- Microsoft Office exploits accounted for between 0.5 and 2.8 percent of document-format exploits detected.
- After the takedown of servers associated with the Win32/Cutwai spambot, there was a "significant drop" in the average daily volume of messages blocked.
- Advertisements for nonsexual pharmaceutical products accounted for 32.4 percent of spam messages blocked.
- The number of malicious phishing sites targeting gaming sites has declined, while the number of phishing sites targeting social networks increased - possibly due to the finding that phishing sites that target social networks "routinely receive the highest number of impressions per active phising site."