Cyber-thieves target popular sites: report

All it can take is one click on a link posted by a Facebook friend and you're infected.

The infection will sit quietly and patiently, gleaning your passwords as you go about logging into your bank accounts and social networking profiles, looking to steal your identity and your money.

Malware infections are nothing new in the online world but they are becoming more sophisticated, according to a new report.

The 2011 Mid-Year Security Report, by a web security provider, said criminal organisations operating malware networks were increasingly targeting popular and trusted websites.

An internet user visiting a popular website or search engine can be infected by clicking on an ad, known as "malvertising" - the second most common form of malware delivery, behind search engine poisoning.

Crooks are also targeting social networking sites, making profile login details a valuable commodity among malware operators, said Greg Singh, systems engineering manager of security provider Blue Coat.

"In times gone by, people used to pick up these types of malware infections typically from what we'd term 'dark places' on the internet, like when you go searching for free software ... people would often pick it up at pornography sites or gambling sites," Mr Singh told AAP.

"What's happening now is that the malware infection points are infiltrating trusted and popular websites, quite often these sites have been hacked for use by cyber-criminal organisations.

"Social networking credentials have become one of the most valuable commodities ... they can then log on and they have the look and feel of being exactly you."

Once they've logged in under your profile, they can post links directing your friends and followers to infected sites, with the potential to infect hundreds of people at a time.

The criminal groups that steal this information will then sell it to different organisations that want to steal your money.

These networks are usually based in Eastern Europe, particularly Russia, Ukraine and Moldova, but operate using stolen infrastructure from all over the world, making them hard to track down, Mr Singh said.
