According to malware data collected by Trend Micro researchers from October to December 2009, the patterns and vectors of malware threats have changed in a sense that instant financial gains seem no longer the primary target of cybercriminals.

The major strategy of these criminals seems to be unraveling and detecting personal information and networking contacts to develop targeted social engineering schemes. Researchers found specifically crafted messages with popular themes being used as bait in spam campaigns. Here, local Internet domains were used as launch pads for a host of phishing attacks. 

The latest social engineering attacks increasingly ride on popular news items that present themselves in a variety of forms. In December 2009, Christmas messages were seen in mainstream social networking websites. E-mail messages with malware attachments appeared as e-cards from the 123greetings.com website. The Twilight Saga movie trailer of New Moon was exploited as a social engineering trick to promote a file sharing portal, which illegally gathers personal information through forged member registrations.
 
“The businesses sector used to be the main target for financially motivated cybercriminals in the recent past. However, the patterns and vectors of malware attacks seem to have changed. Now individuals need to carefully protect their personal information to protect it from any abuse,” commented Amit Nath, Country Manager, India & SAARC, Trend Micro.
 
A growing trend is the use of search engine optimization (SEO) techniques in which cybercriminals insert popular news items in search engines and make them appear as top search results. The ranking results are monitored on a daily basis and redirect unsuspecting end-users to malicious websites.

The death of Brittany Murphy was abused in an SEO attack that led to the FAKEAV exploit redirecting users to scareware portals. The eruption of the Mayon Volcano in the Philippines is another example of an SEO attack. Keying in the string “Mayon Volcano eruption” in search engines led users to malicious links to various locations where FAKEAV variants resided.
 
The list of social engineering schemes keeps constantly evolving and cybercriminals are dramatically developing popular social networking websites as targets. In December 2009, the Koobface worm used a Facebook message leading to a Christmas video as bait to spread its spam among Facebook users. The ZBOT Trojan targeted these users with spam e-mails that led to a harmful phishing site.

As the number of users in the non-English speaking part of the world grows to have Internet access, local malicious computer hackers, a.k.a. black-hats, revised their tactics and mounted language and culture barriers to break into local computer networks. Significant web-based attacks originated in Asia-Pacific and several phishing sites registered in China targeted specific user groups in Taiwan.
 
In the fourth quarter of 2009, the top Asia-Pacific infection vectors were downloaded from the Internet, dropped by other malware, or caused by removable physical drives. Cybercriminals are becoming increasingly sophisticated in employing social engineering concepts. Their ‘business models’ deploy communication solutions such as e-mail, IRC, IM, P2P, and USB devices. Trend Micro expects cybercriminals to continue using this modus operandi as prominent and major transmission vehicles of malware in 2010.