Password Stealers Rising Alarmingly
Microsoft has just released its new Microsoft Security Intelligence Report, which states that the number of password-stealing malicious software is growing enormously, exceeding the growth of PC viruses by significant margins.
Actually, security researchers have spotted a growth in viruses at the rate of 8.3%; however, they assert that password monitoring and stealing malware has risen 450.6% in the first half of 2009 from the second half of 2008.
They indicated that the rise can largely be attributed to the flourishing e-commerce and online gaming activities that have emerged together with several widely used multiplayer games on the Internet. Also, in addition to the increasing number of the malware, the techniques for stealing data have also grown in sophistication.
The researchers also stated that as digital security measures and devices become advanced, it helps password-stealing malware to evolve. No sooner do the security mechanisms become enhanced that hackers start to follow in great detail. For instance, simple authentication factors, which are based on certain username and password combinations, could be vulnerable to simple keylogger interception.
Reports Microsoft that password-stealing programs are created to intercept passwords from a victim's computer and they normally transmit those details to a remote hacker so that he can either use them himself or sell them as they have high financial worth. And in case the passwords pertain to website accounts, the hacker uses them for logging onto the site where he installs malware, and thereby infects the visitors.
Moreover, one more popular method for password theft relates to injecting code into a website whereby the malicious program adds more form fields onto the web-pages of a banking site and instructs to furnish extra details like ATM pin number or certain memorable word. These are tactics that the user is usually unable to recognize as they seem quite genuine and don't raise doubt, the researchers noted.
Besides, the researchers stated that password stealers are seeded through spam, which is a chief distribution method for the purpose. With bulk spam e-mails offering bogus UPS notifications/invoices, users are frequently duped in a way that they open malicious attachments containing executables, which eventually results in the compromise of their computers.
Related article: Password-Stealing Polymorphic Malware on the Rise
» SPAMfighter News - 17-11-2009