Complete Zeus source code available on underground forums
In May, a security researcher discovered that the complete source code for the advanced Zeus banking Trojan was leaked on the Internet. With the malware kit freely available to download from underground forums, cyber criminals interested in developing their own Zeus botnets can potentially launch attacks designed to steal money from legitimate online bank accounts, said Peter Kruse, a security researcher with CSIS.
“We can hereby confirm that the complete Zeus/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks.”
According to Tim van der Horst, a malware researcher at Blue Coat Systems, this lowers the bar for any cyber criminals to access high-quality malware and create Zeus copy-cat attacks. The fact that even inexperienced criminals could get their hands on the infamous banking code could also result in the distribution of more targeted Zeus attacks and variants across the Web.
Microsoft says one in 14 downloads is malicious
Today, downloading any new software, even from a friend, can potentially put your system at risk. That’s according to Microsoft, which reported in May that one in every 14 downloads is malware. The rise in malicious software has been spearheaded by more ambitious and creative hackers who continue to come up with more social engineering tactics, said Jeb Haber, program manager lead for Internet Explorer’s SmartScreen.
“You’re just seeing an explosion in direct attacks on users with social engineering. We were really surprised by the volumes. The volumes have been crazy.”
Social engineering attacks range from email messages that appear to be from a friend asking the recipient to download a video to fake antivirus warnings that look like they are coming from the operating system. A user who is tricked into downloading such a program infects the machine with malicious code. With social engineering threats on the rise, organizations and users alike need to continue educating themselves about new and evolving social engineering tactics designed to sneak bad code onto computers.
Private and public sector team up to educate SMBs on cybercrime
With an astounding 74% of small- to medium-sized businesses having experienced cybercrime over the past year, the Federal Communications Commission (FCC) announced plans to dedicate a portion of its website to educate SMBs about cybercrime, and what they can do to avoid becoming victims of evolving threats. The effort is part of a collaboration between the FCC, the U.S. Chamber of Commerce and Symantec to provide the latest information and security tips on how small businesses can combat cybercrime.
According to the article, “Cybercrime Affects All Businesses, FCC Warns,” approximately 40% of SMBs have lost confidential data and were penalized with direct financial costs as a result of cyber attacks. The FCC also said the average cost per criminal incident against SMBs climbed to a record $188,242 in 2010.
Online businesses hit with steady climb in new malware
Last month, GFI Software reported that an average of 73,000 fresh e-threats were released each day in the month of April, accounting for a 26% increase in new malware over April 2010. Along with a steady rise in scareware and fake antivirus scams was an uninterrupted stream of Trojans that accounted for over 20% of all malicious programs found.
One of the things malware authors continue to focus on is prominent worldwide events. Black-hat search engine optimization (SEO) attacks poison search engine results, exploiting high-profile events like the Royal Wedding and the Osama bin Laden assassination to dupe users into clicking on bogus websites. This can result in malicious code being injected on a system.
These types of malware attacks can go beyond individual machines. For example, if a system is connected to a corporate network, the malicious code can be launched on a larger network, putting corporate data and other systems at risk. For organizations trying to protect their networks from such vulnerabilities, stopping the payload is key. Proactive fraud prevention techniques such as application whitelisting stop targeted malware by preventing any unauthorized application from executing on a machine, no matter what criminal method a hacker uses to deliver the malicious code.
I appreciate you reading this month’s recap security blog. Be sure to regularly stop by to read and provide your thoughts on the important stories that impact the security industry.
by JT Keating