McAfee Report Cites Citadel Threat

June 05, 2013

Posted in: Network Security Trends

Cyberspace grew both more dangerous and more irritating in the first quarter of the year, according to McAfee Labs’ threat report for the period.

In a report issued this week, the tech security company sounded a special warning about the Citadel Trojan, which has been updated to extract personal information from victims.

“In the first quarter the global cybercriminal community went very much ‘back to the future’ in their unending pursuit of victims and profits,” the report said. “Many of the most significant trends observed by McAfee Labs in the previous three quarters actually went into remission, while older types of attacks and what can only be called ‘retro-malware’ experienced significant new growth.”

McAfee said Citadel was an emerging threat not only to the financial services industry, but to other industries as well.

“It gives cybercriminals advanced remote connectivity, and it also gives them the ability to dynamically decide which target to engage. While Citadel is being withdrawn from the open market, McAfee Labs believes that we will continue to see successor variants deployed throughout 2013.

“We also expect that its targets will expand as more cybercriminals realize that the potential capabilities of Citadel go well beyond financial fraud. There is a significant amount of recent activity to suggest that perpetrators will continue to use Citadel to attack businesses and government organizations around the world,” the report said.

The company reported that spam, after more than a year of decline, was increasing again and more than doubled worldwide during the first quarter. “We saw a big increase that reached a volume not matched since May 2011,” the report said.

“As we look at spam subject lines around the world, we see that drugs and delivery service notification teasers remain widely popular. Drug spam is generally associated with lots of infections because it is botnet based. The United Kingdom was an especially big target this quarter. In Germany phishing lures rank highly. In India, Italy, Poland and Spain ‘lonely women’ make frequent appeals for companionship, surpassing Russia as the usual top spot for unhappy potential brides.”

McAfee said newsletters trying to “subscribe” readers were common in the US and France. “Spam promoting pump-and-dump stock schemes was way up this quarter, no doubt riding the recent market wave to appeal to unwary investors seeking higher gains. But it’s never a good move for traders to get involved with these types of stocks.”

The report said other trends for the first quarter included steady growth in mobile malware and a rapid increase in general malware, including the Facebook threat Koobface, AutoRun malware, and stealth malware that attacks the master boot record.

“All malware that we track — affecting clients, servers, networks, mobiles — now stands at more than 128 million samples. That figure has climbed steadily for ages and quite rapidly during the last two quarters. Koobface, along with AutoRun, ransomware, and MBR threats, were the leaders this period,” McAfee said.
