|
Favorits •
Web Domain Directory •
ODP •
Annuaire FR •
Directorio ES •
Directory EN •
Diretório PT •
IT Katalog •
Czech Katalog •
Polski Katalog •
Maps •
Satellite Photos •
View Card
|
||
|
|
Security |
|
|
| ||
 |
Why Malicious Programs Spread So Quickly?
It seems that nowadays cybercriminals prefer cash to fun. That is why malicious programs of various kinds (viruses, worms, Trojan horses, etc.) are very often aimed at stealing valuable -- in a direct sense of this word -- private and financial information. When written, these programs are spread all over the Web. What do means of their distribution have in common? Thinking a bit about it will help us ordinary Web users realize how to behave online and what to avoid. Let's use logic and good old common sense. What do you think are the most suitable (for a criminal)means to spread malicious code? The answer is almost obvious. It is something which, first,ensures his anonymity and, second, offers victims (i.e. us) very little or no protection against malware. Last, but not least -- this means should be very cheap or, even better, free. (I'll confine myself to mentioning only those means which endanger EVERY Internet user. Not everyone exchanges files or downloads music and freeware. But is there anybody who doesn't send and recieve email or visit websites?) Well, if you were a cybercriminal who wanted to spread a malicious program quickly and as widely as possible, how would you distribute it? What first comes to mind? First, sending contaminated emails through spam. It is possible (and not too difficult for, say, a programmer) to enclose virtually anything into the attachment. With more effort, a programmer can create a message without any attachments that will infect a PC anyway. Though many email service providers offer basic anti-virus protection, they aren't obliged to do it. How effective this protection is -- that's another question. Besides, spam is very cheap to distribute. Of course, spammers of all stripes don't use their own machines. Why should they? They prefer PCs which became remotely controlled after being infected with a special program. Cybercriminals build huge networks of such machines and hire them out to spammers. Using "bots" (they are also called "zombies" or "slave computers") gives a spammer so valued anonymity -- spam messages come to frustrated PC users from IP addresses registered somewhere on the other side of the globe. What about other possibilities? Websites. Malicious websites are very dangerous.Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for stealing information. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) -- so the information is captured even if the user doesn't type anything, just opens the views the file. Blogs can be contaminated with malware, too. In April experts from Websense Security Labs warned users that they discovered hundreds of these "toxic" (contaminated with malcode) blogs set by hackers. Blogs are suitable for them: there are large amounts of free storage space, no identity authentication is required to post, and there is no scan of posted files for viruses, worms, or spyware in most blog hosting services. Three months passed, and here is the quote from a new Websense report released this Monday, July, 25th : "hackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code?" This July Websense detected that these sites are used for this purpose much more often. The company's senior director of security and technology research said that "in the first two weeks alone we found more instances than in May and June combined." By all means it's a tendency, and a very disturbing one. Such sites are free and easy-to-create. With the average lifespan of between two and four days, they are difficult to trace. Free hosting services rarely offer even basic security tools. Short-lived websites,no files scanning for viruses, nothing prevents "authors" form uploading executable files - isn't such a site an ideal tool for distributing malicious code? Anonymity of the creator -- no end user protection -- no cost. What else can a cybercriminal wish? That is why there was the outbreak of "toxic blogs" in April - and that's why infested free websites are multiplying so quickly now. But how to contaminate as many computers as possible? It is the aim of cybercriminals, isn't it? The more traffic, the more programs lands on end users' computers. Hackers attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). They are ingenious in finding new ways to make people open an attachment or click on a link to visit a certain website, though people are constantly told not to follow links in spam. Just some of their dodges -- disguising infected spam emails as CNN news alerts, subject lines with "breaking news" like "Osama bin Laden caught", "Michael Jackson tried to commit suicide". How about celebrities in the nude? Just click! And, one of the latest, an "amateur video" that ostensibly shows London bombing sights. These (and similar) tricks are usually called social engineering. Online criminals have become good psychologists -- the big bucks which crimes like online bank fraud can bring turned them into earnest students. However, there is one thing that spoils the mood of those who spread malicious programs. To hackers' deep regret, people become more aware of the risks they face in the Internet. A study by Pew Internet and American Life Project released on July 6th shows that: 91% (!) of respondents (adult Internet users from the U.S.) changed their behavior online one or way another. 81 % have become more cautious about e-mail attachments 48 % have stopped visiting certain websites which are said to be harboring malicious programs People stop using file-sharing software (25%) and even start using Mozilla, Firefox or other browser instead of Internet Explorer (18%) Well done! Actually, there is nothing left for us users but to become more conscious of the threats and more cautious in the Web. Every PC user has to care for his information himself, protecting his own computer against numerous data-stealing programs of all sorts. But don't you think that protection against various malicious programs shouldn't be only end users' private business? It is up to service providers to offer at least basic protection for end users and break this "triad" (Anonymity of the creator -- little or no end user protection -- little or no cost) which enables all this crap to spread so easily. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various products and services for information security. Software aimed at making identity theft impossible, services like protected email and protected Web hosting are only small part of what this company offers. Learn more -- visit the company's website http://www.anti-keyloggers.com
MORE RESOURCES: |
|
|
|
RELATED ARTICLES
Firewalls: What They Are And Why You MUST Have One! A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. Click Here To Defeat Evil Microsoft routinely releases new security updates, many of which are given it's highest severity rating "critical". Here's a typical announcement:"A security issue has been identified that could allow an attacker to compromise a computer running Internet Explorer and gain control over it. Detect Spyware Online You can detect spyware online using free spyware cleaners and by installing spyware protection software on your computer. Often it's best to start with free spyware cleaners because these free programs will remove any spyware programs currently running on your computer. Message Board Security Problems Security leaks can be a big problem for any site using a message board. Hackers can actually use your message board to go in and change things on your site. Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26 Jul 2005 19:20:51 -0800Dear valued PayPal® member,Due to recent fraudulent transactions, we have issued the following security requirements.It has come to our (attion)**Spelling Mistake**, that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Are They Watching You Online? When surfing the Internet you probably take your anonymity for granted, most of us do.Tapping phones, listening to confidential conversations, reading others' e-mail messages seems like something that only happens in spy movies to "other" people. Web and Computer Security Well, if that would have been said to me by my father when I was 2 years of age, I would have understood. But when today, my own computer tells me that when I am 34, I wonder why I spent $1500 on my computer hardware and software just to enjoy the (un-realized) benefits of this great and revolutionary information technology?Today’s cyberspace is hazardous. Website Security - Creating a Bulletproof Site in 5 Easy Steps When it comes to a secure website and passwords it is all in your hands to create a password that a hacker simply cannot crack. However, this will require that you be creative and use everything at your fingertips to create the strongest password possible for a secure web site. Identity Theft -- 10 Simple Ways to Protect Your Good Name! Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name. Internet Small Business and Fraud Be careful of sites that promise to send you "instant pins". These companies usually have lax credit card security and can afford customer charge backs from fraudulent transactions. With the Rise of Internet Crimes, Users are Turning to High-Tech "PI's" for Solutions High-tech private investigators are becoming the answer for many Internet users who have been victimized online. The use of e-mail by that unethical element lurking in cyberspace rings all too common these days. Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers I am the victim of an internet scam. It is very hard to write that sentence, but it's necessary in order to warn my fellow clowns, magicians and other entertainers, and to prevent them from being taken for $2,800. Phishing - Learn To Identify It Phishing: (fish'ing) (n.)This is when someone sends you an email falsely claiming to be a legitimate business - like your bank or credit card company - in an attempt to scam you into giving them your personal, private information that they can use to access your accounts. Spyware Removal Spyware SolutionProbably Today's Biggest Computer Problem. You Suffer Without Knowing Your PC is Infected! "The effects can be devastating. Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders Can you protect your computer from all possible viruses and other invasions?The quickest answer to this is "no." It's just flat impossible to protect your computer from all viruses, registry attacks, worms, spyware, malware, popups, and other such nasties. How To Cover Your Tracks On The Internet Every single time you access a website, you leave tracks. Tracks that others can access. An Open Letter From a So-called Stupid Someone recently told me, "You would have to be a stupid to lose your personal information." While I respectfully responded to this person in the moment, the comment has stuck with me. HackAttack P C. owners are constantly at risk from attacks by hackers. Identity Theft Offline -- So Many Possibilities Chris Simpson, head of Scotland Yard's computer crime unit was unpleasantly surprised to learn how easy it is to cheat anybody out of his or her personal info -- by means of a fake survey.This survey wasn't a scam; in fact, it was an experiment. New Mass Mailing Spamming Internet Trojan for the Windows Platform May. 16th 2005 - MicroWorld has reported the discovery of Troj/Sober-Q, which is a mass mailing spamming internet Trojan for the Windows platform.
|