Read the Symantec Report on the Underground Economy or listen to the corresponding Symantec podcast by Zulfikar Ramzan, the Security Technology & Response Technical Director.

Symantec estimates the value of total advertised goods on the underground servers as up to $276 Million and this figure is from only the underground they had access to. Mr. Ramzan said in the podcast how the actual size is extremely tough to estimate, what with the smartest of the criminals remaining in the underground of underground.

It is alarming and interesting to see how the underground economy functions, in ways similar to any other economy. The trends, I believe, will remain upward because cybercrime is still in its infancy even though there are already malicious but very smart people out there.

A person without any knowledge about cybercrime could start by getting access to any of the malicious tools like the Attack toolkits and Keystroke loggers. However, there are specialized roles within cybercrime each of which can’t be done by just about anybody.

Once goods or information are stolen, they are advertised, sold and resold.

Pirated softwares include desktop games, multimedia software, business software suites and OSs. Some of them could be offered for free to establish their credibility, but those with greater consumer demand are also often attached with malwares. The pricing of pirated goods is often proportional to identical trends in the genuine softwares.

However, according to the report, pirated softwares make only one-third of the underworld economy. Sensitive information is more popular. The above screenshot shows a table with the percentage-wise division of the top kinds of sensitive information that the cyber criminals are after. It sends a chill down my spine, especially with the 4th and 5th ranks.

An interesting tidbit: The United States hosted 41 percent of the total observed underground economy servers worldwide, while Romania had the second highest percentage at 13 percent of the total. Romania! Who would have guessed?

Image Source: Symantec.

Post from: EveryJoe

Symantec Report on the Underground Economy

There is a Firefox trojan that is trolling around stealing passwords. Read the Larry Seltzer’s post for the story and a suggestion.

Friend Brian got numerous cases with a variant of Win32/FakeSecScan virus in the last couple of weeks and so compiled a helpful one-page PDF called “Beware of Fake Antivirus Programs” (PDF link warning). I have one more thing to add. When you see that popup message, open the taskmanager and kill the browser. Some of the uglier ones of this kind don’t have a better solution.

Computer World has a very alarming story. McColo Corp., a webhosting firm, was taken down a month ago resulting in a 42% drop of spam volume. Slowly, actually quickly, the spam levels are catching up again.

McAfee released its Virtual Criminology report recently. It accuses the governments of turning a blind eye to cybercrime, according to PCWorld. I agree that there is a damn lot to be done, but McAfee’s bombastic style takes away a little credibility, not of the report itself but of the accusation. If say the US government were turning a blind eye, there wouldn’t even be talking about a Center for Cybersecurity Operations, would they?

Blizzard has introduced two-factor authentication in World of Warcraft. On top of the usual password, there will be a six-digit authentication code generated by the %6.50 worth keyfob on-demand for each login.

Post from: EveryJoe

Internet Roundup On Security Awareness