A new Internet Crime Complaint Center (IC3) report on “recent cyber crime trends, new twists to previously-existing cyber scams” released on August 8 outlines fake free credit services, a fake political survey, a spoofed Microsoft update and other threats reported by thousands of victims.
The report, which aggregates information from law enforcement bodies and from complaints submitted to the IC3 to raise awareness about the latest fraudulent or malicious schemes involving rigged online resources, starts its list with a “fake political survey” conducted by phone. The survey is followed by the respondent’s being tricked into believing he or she has won a “free cruise to the Bahamas”, actually a decoy for a scheme to harvest a valid e-mail address and credit card info.
Another scam, reported by at least 2,000 victims, consists of fake “free” credit services. Once they got their “free” credit report, customers were hooked for good. According to the Terms and Conditions of the respective service provider, customers would have to pay a monthly service fee ranging from $19.95 to $29.95 unless they cancelled “their free trial within the free trial period.”
Reveton ransomware is also part of this e-malice lineup. “Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares the user’s IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content. To unlock their computer the user is instructed to pay a $100 fine to the US Department of Justice, using prepaid money card services,” reads the IC3 report. This initial extortion attempt may open up the way to online bank fraud.
A spoofed Microsoft Update purporting to provide a Critical Patch but actually delivering a fake AV also made it to the black list. “The vulnerability is still 0-day meaning it cannot be patched if a computer has already been compromised, however Microsoft has released an emergency patch to reduce the potential successful attacks and fix this issue. […] The most recent report shows a number of 1673711 computers infected worldwide,” reads the spam e-mail that helped deliver the malicious link.
The IC3 report also describes a malicious PowerPoint file which “contains an embedded Flash file, which exploits a software bug found in specific versions of Flash Player (CVE-2011-0611) to drop a backdoor onto users’ systems.”
The cases seem to point to reliable (i.e. previously reported) vulnerabilities as the main sources of infection. “First, exploits created for reliable vulnerabilities remain effective cybercriminal tools. Second, most users do not regularly update their systems’ with the latest security patch, which explains why attackers are continuously exploiting these bugs”, concludes the IC3 report.