MyCERT: Less hacking, more phishing
2nd August 2005 (The Star)
By Steven Patrick

PETALING JAYA: The majority of forgery cases reported in the last quarter were phishing scams, said the Malaysian Computer Emergency Response Team (MyCERT).

Its latest security quarterly report, which covered April to June, recorded a total of 36 forgery incidents, up from 29 cases the previous quarter.

Hackers could be focusing their energies elsewhere, said Solahuddin Shamsuddin, MyCERT's manager. "It could be that they are turning to phishing scams because they stand to benefit financially from these activities."

MyCERT (www.mycert.org.my) is a unit of the National ICT Security and Emergency Response Team (Niser) and is responsible for tracking and logging security incidents, as well as analysing major security incidents and trends.

Solahuddin said MyCERT had in May received complaints that four local banks had been victims of a major phishing attack.

Phishing scams use fraudulent e-mail and websites that seemingly originate from well-known companies to dupe consumers into divulging personal information, such as bank account details and credit card numbers.

Solahuddin said MyCERT's analysis indicated that the phishing websites were hosted on a single machine in Russia.

"The e-mail prompted users to click on the links attached. Upon doing so, the page led the user to a Google search string link, which then re-directed him to a bogus website.

"A pop-up window then prompted him to enter his Internet banking account username and password," he said.

"Once we managed to trace this, our counterparts in Russia were able to shut down the sites within two days," Solahuddin said.

MyCERT strongly urges users who receive e-mail purportedly from banks requesting them to change their login and passwords to ignore/delete such e-mail immediately.

Users are also advised to verify these e-mail with their respective Internet service providers (ISPs), or with their respective financial institutions.

Meanwhile, the second quarter also saw a slight increase in malicious code incidents. Nineteen virus/worm incidents occurred - 11.8% higher than the previous quarter.

Most of these worm incidents involved variants of the mass e-mailing worms W32.Mytob, W32.Sober, W32.Sasser, Backdoor.Berbew.N, and W32Ifbo.

Although there were no major worm incidents on the same scale as the Blaster worm in August 2003, Solahuddin warned computer users not to let their guard down.

"It's hard to say when they will strike next," he said.

MyCERT also advised users to always take precautions against worm attacks by using e-mail gateway filters.

The report also stated that spam incidents (totalling 1,400 in the period) showed a 62% drop from the previous quarter.

The main reason cited for this significant decrease is that more local ISPs have antispam filters at their e-mail gateways.

MyCERT also noted that there was a significant drop in intrusion incidents, a 59.8% decrease to 103 incidents from the previous quarter.