You don’t have to be a cyber pro anymore to hack computers and steal information. According to Symantec’s recent security threat report, it’s now easier than ever for amateurs to carry out full-fledged cyber attacks, without going broke in the process of acquiring the necessary crimeware.
These days, the Zeus21 toolkit that allows customization of malicious code can be bought for as low as $700, if not obtained gratis in some web forums. Last year, Symantec observed nearly 90,000 unique variants of the basic Zeus toolkit, which made it the second-most common new malicious code family observed in the Asia-Pacific and Japan region during this time.
Variants of the Zeus kit use spam to lure users to a website that uses social engineering or that exploits a web-browser vulnerability to install the bot on a victim’s computer. The bot then allows remote access to the computer and can be used to steal information. Each bot can then be used to send additional spam runs to compromise new users.
The popularity for this kind of toolkit has sparked a new competition among cyber criminals, some of which have had to switch up their business plans. The SpyEye kit, for example, not only steals information, but it also has the ability to detect if a computer already has Zeus installed and, if so, to intercept its communications. In another example, the Fragus exploit kit contains features that prevent buyers from reselling their copies of it.
“The lowering of barriers for neophyte attackers to enter into the cyber-crime realm is evident in the increase in malicious code that steals confidential information,” the report notes. “For example, the percentage of threats to confidential information that incorporate remote access capabilities increased to 98 percent in 2009, from 83 percent in 2008.”
The report further states increased use of online banking is one of the reasons for popularity in this attack vector. In the United Kingdom and France, more than half of Internet users perform online banking, while in Canada the number jumps to 60 percent. In the United States, 80 percent of households now bank online. In addition, with the availability of online banking continuing to grow, there will never be a shortage of potential victims.