Cyber crime is continuing to mature into a sophisticated industry, according to the latest Microsoft Security Intelligence Report (SIRv8).
"The study confirms that criminals continue to enhance their capability to execute attacks, including 'productising' and adding features to malware in order to target specific audiences," said Microsoft Asia Pacific regional security and privacy lead, Jacqueline Peterson-Jarvis, speaking in Kuala Lumpur.
"SIRv8 provides compelling evidence that cyber criminals are becoming more sophisticated and are packaging online threats to create, update and maintain exploits kits that are sold on to others to deploy," said Peterson-Jarvis.
"Malware creators are continually improving their 'products' by replacing poorly performing exploits with new ones," she said.
SIRv8 (http://www.microsoft.com/sir) uses data collected from about 500 million computers worldwide to provide intelligence on global online threats experienced during the second half of 2009. The security intelligence is collected through the Malicious Software Removal Tool (MSRT), Forefront Online Protection for Exchange and Forefront Client Security, Microsoft's newest security offering called Microsoft Security Essentials, Windows Live Hotmail and Bing.
Peterson-Jarvis said enterprise networks continue to be susceptible to worms while home users are more exposed to malware and socially engineered threats. "For example, so-called '419' scams increased in e-mail significantly and rogue security software, which poses as a legitimate security application to deceive users, continues to be an issue for consumers.
"In addition, criminals continue to package online threats into 'kits' to maximise potential impact," she said. "The Eleonore browser exploit kit, for example, employs different exploits for browsers from several different vendors as well as popular application software frequently found on systems. Maintained and upgraded like traditional products, each version of the kit is developed to offer optimal levels of applicability, stealth, reliability, and detection evasion."
She added that SIRv8 further confirmed that attackers are now largely motivated by financial gain and act in teams. "For example, malware creators seldom conduct attacks themselves but instead work with other criminals in online black markets to buy and sell malware kits and botnet access."
Some positive progress
"Despite the steady presence of online threats, SIRv8 found results that demonstrate industry progress in defending against the threat of malware. The telemetry data in SIR has shown consistently that the lowest infection rates are seen on computers running Windows Vista SP2 and Windows 7," said Peterson-Jarvis.
"Infection rates for both operating systems are less than half the infection rate for computers running Windows XP," she said.
"In Malaysia, we have seen that the threats that were disinfected were mostly malware," said Peterson-Jarvis. "In the second half of 2009, although the malware infection rate is significantly lower than the worldwide average, there was an increase in infections compared to the first half of 2009."
"To protect your environment, we would recommend taking several actions, including keeping all software in your system updated; running anti-virus software from a trusted vendor and keeping it updated; using a secure browser; and downloading the Microsoft Security Update Guide," she said.
Government agency CyberSecurity Malaysia chief executive officer, Lt. Col. (Rtd) Husin Jazri said Internet users remain open to cyber crime and other online threats, and this was due to the low awareness surrounding the issue.
"The level of awareness among Malaysian Internet users on safety issues in cyberspace needs to be intensified, and this move is necessary, now more than ever, to keep up with the rapidly growing number of citizens," said Husin. "Internet users also include children and parents need to play a more active role to ensure their children's safe and secure online experience."