Cybercrooks get even more crafty, sophisticated

— -- The Chinese Year of the Rat begins next week. In the cyberunderground, it is already shaping up to be the Year of the Clever Rat, as crooks scurry to perfect ways to steal data and commit fraud.

One pioneering gang is taking over home network routers instead of PC hard drives, a sneakier way to hijack online accounts. Another has perfected a way to use compromised PCs to repeatedly click on Internet ads to generate ad payments to the crooks.

Phishing specialists are putting finer touches on scams to trick people into divulging sensitive personal data on fake Web pages. Meanwhile, top-level crime rings are getting stealthier and more efficient at herding millions of compromised PCs, referred to as bots, into networks that they deploy to steal data, commit extortion and spread spam.

"We fully expect attacks to become even more frequent and continue to grow increasingly more sophisticated in 2008," says Mary Landesman, senior researcher at security firm ScanSafe.

What's going on? Banks, retailers and Internet companies constantly expand e-commerce via slick website features and high-speed Internet connections. Doing so creates new doors and windows for cybercrooks to test. Cutting-edge breaches involve:

Copy cats now are the concern. "This attack technique can be generalized quite easily to go after multiple router brands and multiple banks," Ramzan says.

•Phishers. Newly available at a French website: a turn-key phishing kit with everything needed to create bogus bank websites, including templates of official-looking bank letters requesting data. In another current scam, an e-mail targets high-net-worth individuals with ruses keying off the arrival of tax season, says Keith Crosley, marketing director at security firm Proofpoint.