Many malware programs record user keystrokes, capture screen shots, look for passwords, and pass the user's Web surfing through
a remote proxy server, which can record every bit of data. Phishing, spam, and adware are only making the problem worse.
Criminal Bot Nets
Malware is also becoming much more targeted. A growing percentage of rogue programs include mechanisms such as keyloggers,
which are designed to capture confidential information over a long period of time. Hackers design worms to create sophisticated
bot networks that infect and control thousands of PCs a night to do their bidding. When the bot net is up and running, the
hacker “rents” the malicious network to criminal groups or businesses skirting the letter of the law. They even advertise
“The First Hour Is Free” sales.
Security professionals are trying to deal with this trend, but for every bot they remove from a compromised PC, another two
are added in the same time frame. The problem is so widespread that we now have a new malware category -- crimeware -- as formal
recognition that malware now springs from professionals.
In its July 2005 newsletter, e-mail security vendor MessageLabs said, “the number and sophistication of targeted e-mail-borne
attacks on businesses is rapidly increasing, with the potential to defraud businesses, steal intellectual property, and extort
money. Analysis of MessageLabs Intelligence data revealed that over the past year there has been a gradual occurrence of targeted
e-mail attacks against businesses and organizations.” The July 2005 newsletter from the Anti-Phishing Working Group warns that phishers “are moving away from some traditional larger targets and hitting a wider base of smaller financial targets.”
Paul Ferguson, a 20-year computer security veteran and senior network engineer and senior architect at Northrop Grumman, sees
today’s malware and bot net schemes as “precursors and alerts to ongoing, massive criminal activity,” bringing with them “a
predatory smell,” he says. “Some of the massive malware spreads seem to be unusually pre-emptive, more interested in information
gathering,” and more inclined to target specific networks, Ferguson says. “After over 20 years of fighting worms, viruses,
and Trojans, I’m used to not overreacting. Two weeks ago I was involved in fixing a massive bot net DoS attack that infiltrated
tens of thousands of PCs. I felt like Nero, fiddling while Rome burned.”
Web Attack Vectors
Malware attack vectors follow trends. In the 1980s, boot viruses were all the rage. File and executable viruses made up most
of the attacks in the early 1990s, until macro viruses came onto the scene in 1995. Worms traveling as file attachments have
been dominant for the last decade, but reliance on the SMTP protocol is waning. Many of today’s malicious programs take advantage
of patched and unpatched vulnerabilities in Internet browsers. Unsuspecting users surf to an infected Web page and their computers
are exploited remotely without the user having to click on or acknowledge anything.
The Anti-Phishing Working Group notes that the number of Web sites designed to steal passwords doubled in one month, from
June to July 2005. Most of the exploited Web sites included online journals, blogs, and personal storage sites. Microsoft’s
Strider HoneyMonkey project found a zero-day exploit being initiated by a malicious URL. The Santy worm infected Web sites running vulnerable
PHP code and then used Google to find its next victims. The Web is expected to be a growing source for malware attacks over
the next decade.