McAfee sees rise in stock scams, social-engineering attacks

If you think there are a lot of phishing scams cramming your e-mail in-box now, just wait--fraudsters have more tricks up their sleeve.

That's the message from McAfee Security Journal, due out Monday. Most of the articles deal with ways in which scammers use social engineering --not hacking--to dupe people into downloading malicious software to their computers or giving out their personal information, passwords, and bank account details to malicious Web sites.

One of the more interesting articles is titled "Vulnerabilities in the Equities Markets."

McAfee Avert Labs' Anthony Bettini, author of "Vulnerabilities in the Equities Markets."

(Credit: McAfee)

There have been headlines about people scamming the equities market by circulating false news in the hopes that stocks will move up or down (the false report that Apple's Steve Jobs had a heart attack being just the latest). What about investors losing or winning based on security news events?

It's already happening, writes Anthony Bettini, a senior manager at McAfee Avert Labs.

He notes that Microsoft's stock price tends to go down on "Patch Tuesday," the day it issues its monthly batch of security fixes, and when it issues an advance notification of the security bulletins for the month. Then on "Exploit Wednesday," which is the day after "Patch Tuesday," there is, on average, an uptick in the stock price.

"This is probably because institutional investors or market makers feel Microsoft was oversold the day before because of the bad news and that, in reality, Microsoft's value as an investment was only negligibly affected," he writes. "Note that this trend has been consistent during the past three years and continues today."

There's nothing really scary with that. But the notion that stock price fluctuations are occurring after vulnerability and patch announcements could give rise to more serious threats. "What would happen if a person built up a short position in a major software company and posted a handful of vulnerabilities with exploits to the Full Disclosure mailing list?" Bettini writes, before speculating on the legal consequences of such an action.

"It is possible people are already using zero-day threats for financial gain, not simply for embedding them within password-stealing Trojans but for taking short or options positions in equities and derivatives," he writes. "It's clear that spammers have figured out ways to profit from securities markets: we have received lots of penny-stock spam."

Ben Edelman, assistant professor at the Harvard Business School, writes about typosquatting in the McAfee Security Journal.

(Credit: McAfee)

Another article in the McAfee Security Journal deals with the prevalence of spam and phishing attempts that piggyback on news events to grab the attention of people. For instance, malware writers exploited the broad interest in the Olympic Games to distribute e-mails that dropped malicious software on the recipient's computer that creates a back door for remote attacks, according to an article titled "A Prime Target for Social Engineering Malware."

There also has been a jump in the number of malicious programs posing as updates or software from security vendors, writes Elodie Grandjean, a virus researcher for McAfee Avert Labs in France. The programs lure people into downloading malicious software that instead of protecting the computer infects it with malware and interferes with legitimate security software actions. Such "scareware" has prompted Microsoft and the attorney general of Washington to file lawsuits.

Ben Edelman, assistant professor at the Harvard Business School, writes about the problem of incorrectly typing a Web address. "Typosquatting" is the practice of registering domains that are very close to popular Web site domains in order to get traffic from people who make a spelling error or typo in the URL address bar. The Web sites that appear when you make such a wrong turn on the Internet could have malware on them, but more likely are just making money off ads.

The most popular domain for typosquatting, spawning 742 offshoots, is "freecreditreport.com," followed by "cartoonnetwork.com," "youtube.com" and "craigslist."

However, lawsuits against typosquatters are making the practice less desirable, Edelson writes. Microsoft has received more than $2 million in typosquatting settlements, he says.

The report is on McAfee's Web site.

This screenshot shows code from the backdoor Trojan hidden in a PDF file related to the Olympics that was e-mailed to a pro-Tibet group. It allows an attacker to compromise the computer.

(Credit: McAfee Avert Labs)