In the December 2010 Monthly Malware Statistics report of Kaspersky Lab, over 209 million network attacks were blocked by Kaspersky Lab software. It also detected and neutralized over 196 million malicious programs.
The company reported that cybercriminals are still using the same tactics particularly with social networking services, as well as enticing unwary computer users to download fake antivirus and security software. These attacks have somewhat improved as cybercriminals use new approaches to trick people.
SHORT URLS USED
For attacks using social network sites, cybercriminals have also started to use the shortened URL being offered by such sites as bit.ly and alturl.com. Shortened URLS are already widely used in websites other than Twitter. Twitter became a carrier for these malicious shortened URLs.
Under these circumstances, users who see the shortened URLs could click them and be directed to the corresponding websites, which would remain unknown to the user until the site has been fully loaded.
The use of shortened Internet addresses has been in the increase in the past. Such services have been found useful by cybercriminals to get people to click on an inconspicuous website that may actually contain malicious software that attack users' PC.
Cybercriminals are also using "heavy artillery" in their arsenal to attack social networks; authors of one of today's most complex malicious programs -- the TDSS rootkit -- continue to perfect their creation. In December, the latest modification of the rootkit, TDL-4, started exploiting the vulnerability CVE-2010-3338 that was discovered in June 2010 while analyzing the Stuxnet worm.
NEW TECHNIQUES IN FAKE ANTIVIRUS
As for fake antiviruses, Kaspersky Lab reported that two fake antivirus programs made it to Kaspersky Lab's Top 20 malicious programs in December, making them the first of their kind to land in the list.
One fake antivirus, Trojan.HTML.Fraud.ct, generates an Internet page that resembles a My Computer window that makes it look very legitimate. The fake antivirus "scans" the PC and allegedly detects a malware. It then tricks the user to purchase the "full version" of the antivirus.
Legitimate commercial antivirus applications are able to quickly detect fake downloadable antivirus software. This pushed authors of the fake antivirus to move their applications online; instead of having to download the full software users only need to click on specific sites to get infected.
ADWARE ON THE RISE
Annoying adware also tops the list of web-based threats for December 2010. The adware AdWare.Win32.HotBar.dh took 5th place in Kaspersky Lab's Top 20 malicious applications. Unfortunately, this particular adware is installed along with legitimate applications. It then displays intrusive ads that keep annoying users of affected PCs.
.?? ATTACKS
Since its release in November last year, attacks on the new domain name registration .?? (the Cyrillic abbreviation for the Russian Federation) have also somewhat risen in December.
Kaspersky Labs discovered three types of malware being spread through .??.
These are fake archives; a primitive script redirector called Trojan.JS.Redirector.ki; and Hoax.Win32.OdnoklAgent.a, which opens a window that closely resembles a login page for the Russian-language social networking site Odnoklassniki.