Insecurity outfit McAfee has published a report into the last ten years of on-line crime along with lists of the top five exploits and scams perpetrated in the decade ending in December 2010.
Entitled A Good Decade for Cybercrime, the report chronicles the growth of online attacks, both from malicious software and more human endeavours, noting that losses from cybercrime doubled in a single year between 2008 and 2009.
2010 saw a relatively new breed of on-line shenanigans with protest groups, or 'hacktivists' as they like to be known, targeting businesses and governments in support of secret-spreading web site WikiLeaks and dozens of other causes.
Today it seems that the balaclava, Transit van and shotgun have been replaced by the PC and modem as the weapons of choice for criminals, with one US card-cloning gang alone costing the banking authorities an estimated $400 million in refunds, investigation costs and legal fees.
Another scareware outfit raked in $180 million flogging fake anti-virus software after fooling hapless punters into thinking their PCs were infected.
The report is a pretty handy reference for anyone interested in the history of cybercrime, tipping a wink to all of the major developments in the world of digital dodginess, including rootkits, trojans, zombie computers, worms, botnets and the pitfalls of social networking.
But our favourite section by far is reserved for the all-time cybercrime top fives.
Please feel free to hum the Top of the Pops theme tune as we run them down in our best Alan Freeman voice.
Top Five Software Exploits
1. MyDoom: Carnage Quota $38 Billion
This self-replicating worm first struck in 2004 causing infected computers to send billions of spam emails, slowing down global Internet access by 10 per cent and bringing many major web sites to their knees. Quite possibly the most expensive exploit ever.
2. “I LOVE YOU” Worm: Carnage Quota $15 Billion
This worm, which was named after the subject line of the email which propagated it, fooled millions of users into thinking they had a secret admirer, but they got nothing but a nasty virus for their troubles. McAfee reckons the cost of the clean-up to businesses alone was $25 billion.
3. Conficker worm: Carnage Quota $9.1 Billion
Things got really sophisticated in 2007 when Conficker infected millions of computers by downloading and installing malware from machines controlled by the virus writers. The malware included a keystroke logger which could remotely lift passwords, credit card details and other valuable personal data.
4. Stuxnet: Carnage Quota unknown
This recent worm, which evidence suggests was created by a joint effort between US and Israeli government agencies, took advantage of several vulnerabilities in Windows and is believed to have put the Iranian nuclear industry, at which it was aimed, back ten years. Government facilities in India, the US and Indonesia are also thought to have been caught in the crossfire.
5. Zeus Botnet: Carnage Quota unknown
Named after a Greek god, this botnet has been around since 2007, stealing personal information by infecting computers and capturing data, including passwords, entered into Internet banking sites. McAfee reckons it sees up to 700 new variants of Zeus every day.
Top Five On-line Scams
1. Scareware
Quite simply, the crook persuades you that your PC is infected with a nasty virus, either over the phone or through a maliciously-crafted website. They then offer to sell you a software solution which will fix the problem. You buy the software using a credit card, which means they now have your credit card details as well as control of your computer, because not only does the AV software you have just paid for contain some pretty nasty malware, it will also disable any genuine security software you have installed.
2. Phishing Scams
Phishing really shouldn't be an issue in this day and age, but McAfee reports that 49,000 phishing sites were detected at the end of 2009. Phishing attacks come in all sorts of flavours, through spam emails, dodgy instant messages, fake friend requests and social networking posts. Awful spelling and terrible grammar are the trademarks of the Phisherman, but we've noticed an increasing sophistication in the dozens of attempts we see every day.
3. Fake Web sites
They look like the real thing and behave like the real thing, and the first you'll probably notice that something's awry is when your credit card is used to buy an ugly, expensive luxury in a Nigerian boutique. From phony banking sites, to auction sites and e-commerce pages, crooks are constantly laying online traps hoping you will be fooled into entering your credit card or personal information. URLs are often misspelt - think www.barcleys.com and you'll get the picture - and are often linked from emails and instant messages outlined in the phishing scams above. There are thought to be more than 1.2 million fake sites masquerading as bona fide businesses as we write.
4. Online Dating Scams
The way to a man's heart is through his trousers. Simply put, if you're a 54-year-old, fat, balding bus driver who likes to play World of Warcraft for 20 hours at a time and smells faintly of wee and Old Holborn, and you are approached by a 23-year-old blonde nymphomaniac millionaire, it's probably a scam. It's almost certainly someone who looks and smells a bit like you sitting in an Eastern European tenement block juggling 30 or 40 other potential mugs and convincing them to cough up the cash for anything from an international flight to a life-saving operation.
5. Nigerian Scam
We've all seen these, but if you haven't, have a quick look in your in-box. Some important-sounding foreigner has been left stranded by a coup, or a banking breakdown, or a family feud. They have millions of pounds sitting in an offshore account and would be happy to share it with a complete stranger (that's you) if you could only find it in your heart to pay the £500 cash transfer fee. It sounds utterly ridiculous, but these schemes are thought to have raked in millions of pounds from the bewildered, greedy and ill-informed.