McAfee says criminal hackers will sell a million email addresses for $25

If you want to buy a million email addresses from criminal hackers, the going rate is $25, according to a second quarter report from antivirus firm McAfee.

The new McAfee Q2 2011 Threats Report also shows that mobile malware is on the rise, with malware targeted at Android devices up 76 percent from the previous quarter. Google’s Android is not only the most popular mobile operating system in terms of adoption rates; it’s also the most-attacked mobile operating system. New forms of malware are appearing as often as 55,000 times a day.

“We are seeing continued growth in the total number of malware samples, just as we did last quarter,” said Toralv Dirro, security strategist at McAfee Labs, in an interview. “There are more tools to create malware in the underground market.”

McAfee estimates that its collection of malware, or “zoo,” will reach a record 75 million samples by the end of the year, based on the first half results.

The quarter also saw some new developments such as the first-ever appearance of a fake antivirus attack for Apple’s Macintosh operating system. That’s a byproduct of the resurgence of the Mac among users, making Apple a bigger target for malware authors.

Overall attacks are becoming more stealthy and sophisticated. That’s one of the outcomes of the launch of Stuxnet last year, a mysterious piece of malware that targeted Iran’s nuclear centrifuges and other industrial equipment. Stealth malware is up 38 percent from a year ago.

High-profile “hacktivist” groups such as Anonymous and LulzSec have changed the landscape by drawing a fine line between attacks for personal gain and attacks meant to send a message. There were roughly 20 major hacktivist attacks in the second quarter alone, mostly due to the alleged activity of LulzSec.

The report also logs important details on the cybercrime underground, such as “price books” that determine the going rate for the purchase of large email address lists, acts of hacktivism, and cyberwar. In the U.S., a batch of 1 million email addresses costs $25. In England, 1.5 million addresses sell for $100.

The cyber war attacks included an attack on the United States’ Oak Ridge National Laboratory and an attack on South Korea’s National Agricultural Cooperative Federation.

McAfee said it discovered 12 million unique samples of malware in the first half of 2011, up 22 percent from a year earlier. That makes this period the business half-year in malware history. McAfee now has more than 65 million samples in its zoo.

Android surpassed Symbian in the second quarter as the most-targeted mobile operating system. The malware is contained in everything from calendar apps to comedy apps to text messages and fake Angry Birds updates.

“It used to be hacking for bragging rights on mobile,” Dirro said. “Now it’s for commercial gain.”

Malware apps often secretly send text messages from a compromised phone to premium text message numbers.

Perhaps the only good news is that spam is at historic lows due to the takedown of the Rustock bot net. A bot net is a group of compromised computers that have been hijacked in order to launch group attacks, such as spam broadsides. McAfee expects a sharp rise in the coming months as cybercriminals recover from the Rustock takedown.

0 comments