Kaspersky Lab report claims cybercriminals expanding their repertoire

The research from the Russian-headquartered IT security vendor found that, during March, fraudsters and malware authors used the tragic events in Japan to spread infected links to their own versions of the 'latest news.'

Cybercriminals, says the report, created malicious websites with content connected in some way to the disaster and sent out messages making emotional requests for money to be transferred to the message sender in order to help those affected by the disaster.

The last month also saw cybercriminals using Java exploits as a weapon of choice. Of the five exploits to appear in the Top 20 malicious programs on the Internet in March, Kaspersky says that three of them were coded for vulnerabilities in Java.

According to the report, malware writers were also surprisingly quick to react to announcements of new vulnerabilities. A good example of this, says Kaspersky, is a vulnerability in Adobe Flash Player that allowed cybercriminals to gain control of a user's computer.

The vulnerability was announced by Adobe on 14 March and by the next day, Kaspersky's research team had already detected an exploit for it.

Another notable trend that the vendor's research team picked up on was that the cybercriminals behind HTML pages that are used in scams – or to spread malware – are constantly coming up with new ways to hide their creations from anti-virus programs.

During February, for example, cybercriminals were using CSS – cascading style sheets – to protect scripts from being detected.

A month later, instead of CSS, they were using <textarea> tags on their malicious HTML pages. Cybercriminals use the tag as a container to store data that will later be used by the main script.
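For defenders triaging captured pages, the pattern described above can be flagged with a simple heuristic. The sketch below is an added example, not code from Kaspersky's report; the sample pages, the function name `findTextareaContainers` and the thresholds are all assumptions made for illustration.

```javascript
// Added example: triage heuristic for pages that park script data in a <textarea>.
// Sample pages are constructed; thresholds are assumptions, not a vendor's logic.
const TEXTAREA_RE = /<textarea\b([^>]*)>([\s\S]*?)<\/textarea>/gi;
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Return the value of one attribute from a raw attribute string, or null.
function attr(attrs, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function findTextareaContainers(html, minLen = 64) {
  const scripts = [...html.matchAll(SCRIPT_RE)].map((m) => m[1]).join('\n');
  const findings = [];
  for (const [, attrs, body] of html.matchAll(TEXTAREA_RE)) {
    const id = attr(attrs, 'id');
    const text = body.trim();
    const reasons = [];
    // Signal 1: the element is never shown to the user.
    if (/display\s*:\s*none|\bhidden\b/i.test(attrs)) reasons.push('hidden');
    // Signal 2: long content with almost no whitespace reads as encoded data.
    const spaces = (text.match(/\s/g) || []).length;
    if (text.length >= minLen && spaces / text.length < 0.02) reasons.push('dense-payload');
    // Signal 3: a script on the page looks the element up by id.
    if (id && new RegExp(`getElementById\\(\\s*['"]${escapeRe(id)}['"]`).test(scripts)) {
      reasons.push('read-by-script');
    }
    // Require two signals so ordinary comment boxes are not flagged.
    if (reasons.length >= 2) findings.push({ id, length: text.length, reasons });
  }
  return findings;
}

const SUSPECT_PAGE = `<html><body>
<textarea id="d1" style="display:none">${'4a6f686e'.repeat(16)}</textarea>
<script>var s = document.getElementById('d1').value;</script>
</body></html>`;

const BENIGN_PAGE = `<html><body><form>
<textarea id="comment" rows="4">Please leave your feedback here. Thank you for visiting!</textarea>
</form><script>document.getElementById('comment').focus();</script></body></html>`;

console.log(findTextareaContainers(SUSPECT_PAGE));
console.log(findTextareaContainers(BENIGN_PAGE));
```

Regex-based extraction is adequate for triage only; a page flagged this way still needs review, since legitimate applications also keep templates in hidden form fields.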

Mobile threats are another area where malware is taking off. Kaspersky says that, at the start of March, its research teams picked up on the widely-reported infected versions of legitimate apps seen on the Android Market.

As reported previously, these apps contained root exploits that allowed a malicious program to obtain root access on Android smartphones, giving full administrator-level access to the device's operating system.

As well as a root exploit, the malicious APK archive contained two other malicious components. One of them sent an XML file containing IMEI, IMSI and other device information to a remote server and awaited further instructions.

The other component, says Kaspersky, displayed trojan-downloader functionality.
