How Effective Can Law Enforcement Be in Clamping Down on Phishing Web Sites?

It is well documented that “spam” – and the malware that comes with it – is big business. Security experts estimate that a successful spam (unwanted commercial email) campaign can produce anywhere from $400,000 to $1 million in revenue for a criminal enterprise. The Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) found that during a 30-month period from January 2012 to June 2014abusive email (spam, virus-infected messages and the like) accounted for 87.1% to 90.2% of the world’s email traffic. The M3AAWG report covered more than 400 million inboxes worldwide. Spammers, according to NW3C Computer Crime Specialist Jeremiah Johnson, have two primary goals: committing fraud and distributing malware. Once executed, malware increases the number of botnets available to spread even more spam or to mount attacks on secure networks. Malware most commonly comes in the form of executable files either delivered through spam emails or hidden behind clickable images or links on websites. Malware infects a machine and allows remote users to take over the system, rendering the machine part of a botnet. Botnet masters (crooks or criminal collectives that control various zombie computer networks) will lease their drones to the highest bidders. Understanding the connection between spam and cybercrime, and understanding why malware-distributing, or “phishing” sites, are such lucrative criminal tools, can help law enforcement track down criminal networks and shut down harmful operations, Johnson said. It is important that more investigators understand how websites are being targeted to host “phishing” kits to lure unsuspecting victims into giving out their personal information, he explained. How effective can the M3AAWG and law enforcement be in combating malware? Send your comments to the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/