http://news.com.com/Whats+the+next+security+threat/2100-7349_3-6061341.html
By Ron Condon
Special to CNET News.com
April 17, 2006
In January this year, 20-year-old Jeanson James Ancheta pleaded guilty in a California court to charges that he had broken into government computers and taken control of them for purposes of fraud.
He had planted Trojan software on the systems at the China Lake Naval Facility in California's Mojave Desert, enabling him to manipulate computers on the network there. He had then used the computers to generate hits on Web site advertisements, for which the advertisers paid according to the traffic they received.
It sounds like an overelaborate and harmless prank, except that Ancheta admitted the scam had netted him $60,000 before it had been detected.
Furthermore, it emerged that he controlled some 400,000 computers around the world, which he could manipulate remotely to do his bidding--to generate advertisement traffic, to send out infected software to more vulnerable computers, to pump out spam.
Ancheta is typical of the new breed of criminal on the Internet, motivated by money and determined to work by stealth. The spyware or Trojan horses they plant on unsuspecting users' machines do not draw attention to themselves, but once installed, they work as slaves to their remote masters.
Users are rarely aware that their machines have been hijacked. The system continues to work, albeit slightly more slowly at times, and they have no control over the secret tasks it is being asked to perform.
Bot networks, which are armies of these hijacked computers, have become the predominant feature of the Internet threat landscape. According to security company CipherTrust, more than 180,000 PCs are turned into zombies every day, and that figure is continually rising.
The botnets are used by their owners to defraud Internet advertisers, as in Ancheta's case, or they can be rented out by the hour to those who want to carry out cheap mass-mailing campaigns. Extortionists may also rent them to launch denial-of-service attacks on legitimate Web sites.
These professional operations are taking over where the traditional hobbyist hackers left off. "We are seeing less of the big virus outbreaks such as Sasser and Blaster, and so some people believe the situation is getting better, when in fact it is getting worse," said Mikko Hypponen, chief research officer at security company F-Secure. "The bad boys are getting more professional and doing more targeted attacks."
He sees botnets as a major problem that cannot be easily fixed, because the hijacked machines are mostly home PCs connected to an ADSL line. "It takes a lot of end-user support to explain to a grandmother how to configure the computer. So most ISPs are not doing anything about it," he said.
New phishing grounds
Most analysts forecast that phishing attacks too will continue to grow in number and in sophistication.
David Sancho, an antivirus engineer at security company Trend Micro, gave an example of a recent attack in Germany which pretended to come from an electricity company. It asked recipients to check their bill by clicking on an attached PDF document, which is how the genuine electricity company operates. But the attachment in this case had a suffix of .pdf.exe, and planted a Trojan on the user's machine.
"Once active, it monitors every Internet connection, every access to Web pages and access to the bank, and reports it back to the creator of the Trojan," Sancho said. "It is smarter, because they don't have to set up a fake server."
F-Secure's Hypponen also forecast that phishers will find ways to crack the one-time passwords that some banks have introduced as a security measure. In one case, the user has a list of authorization codes on a slip of paper sent by the bank.
"The target is fooled into logging into a fake bank, where they ask for his authorization code. The fake bank logs into the real bank with the one-time password and moves money around. Then it gets back to the customer, says there has been a problem and asks him to give the next code," Hypponen said.
The biggest problem for the phishers, he said, is finding new suckers to fool. As more people become aware of phishing attacks, the attackers are going for smaller targets and into different languages, such as Greek, Czech and Finnish.
While Windows PCs remain the prime target for attacks, prepare to see more activity targeted at the mobile phone. F-Secure says it has now detected 179 cell phone viruses and estimates that some tens of thousands of handsets are infected.
Nokia has reacted by launching handsets with antivirus protection built in, and the newly released version 9 of the Symbian operating system has improved security, so it may be possible to nip some mobile viruses in the bud.
Or maybe not. F-Secure recently detected the first malicious Java software on a cell phone, meaning it could affect most handsets, and not just the high-end models, Hypponen said. And in March, he spotted a Trojan horse that plants itself on the cell phone and calls a premium rate number in Russia, each time clocking up five euros ($6.04) for the criminal who sent it.
Even so, the rapidly growing world population of broadband users means that botnets will continue to be the main focus for Internet criminals. All of the people in the Rogues Gallery of the world's top 10 spammers, on the Spamhaus Project Web site, are constantly topping up their networks with new zombie machines owned by people with little concept of security. And they do not restrict themselves to mass e-mailing--their activities extend into child pornography, extortion and fraud.
And botnets open up another danger, according to Dave Rand, chief technologist for Internet content security at Trend Micro. Their combined computing power could be used to decrypt Internet traffic, he says. If that were to happen (and there is no sign of it yet), it could bring e-commerce to a grinding halt.
Ron Condon reported for Silicon.com from bond.
Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.