57000 Fraudulent Web Addresses Attempt to Infect Users Weekly
Weekly, cyber hackers are developing around 57,000 new fake Web addresses, which are placed and registered on famous search engines with a hope that innocent users will click them unknowingly, as per PandaLabs security firm.
PandaLabs has examined malicious URLs placed on the Internet during June 2010 to August 2010, by cyber hackers to scam users into downloading malware unknowingly or hack their bank details straight away.
Users who click on such fraudulent web pages will find their systems infected or every data provided by them on these fake web pages will be accessed directly by the hackers. For this, the criminals, on an average basis use around 375 business brands and names of private firms globally, all well-known names.
It has also been revealed by the Pandalabs that from all the fraudulent web pages, around 65% are placed as related to banks. Mostly they pretend to be from banks, to hack users' login details. Auction sites and online stores are also famous (27%), with eBay being mainly used.
Some other financial organizations (like stockbrokers or investment funds), and the government companies acquire the subsequent positions having 2.3% and 1.9% respectively. The Government companies are mainly accounted for by the US revenue service or different tax collecting firms.
At fifth and sixth place, there are payment portals, operated by Paypal and ISPs respectively. Whereas, gaming websites dominated by World of Warcraft, acquired the last position.
The security experts while commenting on the techniques used by the hackers, revealed that just like in past years malware and phishing was distributed through email, criminals are going for BHSEO technique in 2009 and 2010, that includes developing fraudulent web pages adopting the names of popular brands, etc.
In this way, when a user searches for such famous names, a fake link to the malicious web page appears in the initial results. When the user opens this link, either the malware gets downloaded onto the user's system, with or without user's awareness or the fake website pretends to be an authentic page, e.g. a bank and the users unknowingly provide their personal details, which are then accessed by the cyber criminals.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 13-09-2010