Report: Underground Cyber Economy Growth To Increase -- Security Today

Report: Underground Cyber Economy Growth To Increase

Feb 19, 2008

According to research from Trend Micro's TrendLabs, hackers are intensifying their attacks on legitimate Web sites. The number of compromised Web sites are slowly outnumbering malicious ones created specifically by cyber criminals. It debunks the adage to "not visit questionable sites" because even trusted Web sites such as those belonging to Fortune 500 companies, schools and government organizations can hold malware.

An underground malware industry has carved itself a thriving market by exploiting the trust and confidence of Web users. The Russian Business Network, for example, was notorious all year for hosting illegal businesses including child pornography, phishing and malware distribution sites. This underground industry excludes no one. In 2007, Apple had to contend with the ZLOB gang, a group of professional hackers who relies on tricking users to download and install malicious software; even alternative operating systems are not safe havens for the online user when it comes to Web threats. The Italian Gromozon, a malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007.

This past year, the NUWAR (Storm) botnet expanded in scope. Trend Micro researchers learned that the Storm botnet is renting its services to malicious hackers and its spamming capabilities rented out to spammers -- evidence that botnet threats are becoming more prevalent and sophisticated. During 2007, the most popular communication protocol among botnet owners was still Internet Relay Chat possibly because software to create IRC bots is widely available and easily implemented.

Security threats are no longer limited to PCs. Mobile devices, as they become more advanced and powerful, are at risk for the same types of threats as PCs (viruses, spam, Trojans, malware, etc.) Gadgets with wireless capabilities such as Wi-Fi and Bluetooth, as well as storage capability have become major sources of data leaks and carriers of infections through security perimeters.

Other notable findings from the report:

The Windows Animated Cursor exploit (EXPL_ANICMOO) encompassed over 50 percent of all exploit codes to hit the Internet computing population. 74 percent of its infections this year came from Asia. The same holds true for TROJ_ANICMOO.AX, a related threat which embedded the exploit. 64 percent of computers infected with this were from China.
The top malware finding was WORM_SPYBOT.IS and WORM_GAOBOT.DF. Both created botnets and worms that infected USB-connected devices.
Nearly 50 percent of all threat infections come from North America, but Asian countries are also experiencing a growth -- 40 percent of infections stem from that region.
Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying Web 2.0 technologies, particularly cross-site scripting and streaming technologies.
Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons as an opportunity to send spam or deploy spyware while users are shopping online.
In 2007, the top online commerce site attacked by phishers was still global auction site eBay and sister company PayPal. Financial institutions, especially those based in North America, also experienced a high volume of phishing attacks.

2008 Forecast

Based on the emerging trends of this year, the following are Trend Micro's forecasts for the 2008 threat landscape:

1. Legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in the effort to inject in-process malicious code that criminals can exploit to run malware as they attempt to steal confidential and proprietary information.

2. High-profile Web sites that run the gamut of social networking, banking/financial, online gaming, search engine, travel, commercial ticketing, local government sectors, news, job, blogging and e-commerce sites for auction and shopping will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code.

3. Unmanaged devices such as smart phones, mp3 players, digital frames, thumb drives and gaming stations will continue to provide opportunities for criminals and malware to infiltrate a company's security borders due to their capabilities for storage, computing and Wi-Fi. Public access points such as those in coffee shops, bookstores, hotel lobbies, and airports will continue to be distribution points for malware or attack vectors used by malicious entities.

4. Communication services such as e-mail, instant messaging, as well as file sharing will continue to be abused by content threats such as image spam, malicious URLs and attachments via targeted and localized social engineered themes.

5. Data protection and software security strategies will become standard in the commercial software lifecycle. This will also put a focus on data encryption technologies during storage and transit particularly in the vetting of data access in the information and distribution chain.

LVT and Insight LPR Partner to Launch Mobile License Plate Recognition
02/27/2026
AWS Security Hub Adds Full Stack Partner Solutions
02/26/2026
Genetec Launches Cloudlink 2210 Appliance
02/26/2026
System Surveyor Launches Integration Marketplace
02/26/2026
Unapplied Patches Drive Majority of Open Source Breaches
02/20/2026
GEODIS Park Selects Allied Universal for Security and Event Services
02/19/2026
Alaska DOT Pilots AI-Driven Lighting to Boost Pedestrian Safety
02/19/2026
Hanwha Vision Launches ConfigPro Management Tool
02/18/2026

Featured

Full Details Released for SIA Education at ISC West

ISC West 2026 is coming up March 23–27 in Las Vegas, and the Security Industry Association (SIA) and ISC West have revealed full conference details. Read Now
- ISC West
2025 Gun Violence Statistics Show Signs of Progress

Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now
- Facility Security
Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now
- Artificial Intelligence
The Evolution of ID Card Printing: Customer Challenges and Solutions

The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now
- Access Control
TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now
- Airport Security

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.