Internet security experts bracing for new attacks


nds76
03-08-2006, 9:48am
VANCOUVER — One of the world's leading Internet security firms expects a spike in criminal activity involving zombie computers in the next six to 18 months.

Vulnerabilities in Microsoft's popular media player and a component of Mozilla's Firefox web browser left users vulnerable to malicious code from dubious web sites until the companies released patches to close the loopholes.

Dean Turner, executive editor of Symantec Corp.'s Internet security threat report, says there's no evidence hackers have exploited these openings yet to insert viruses that draft unprotected computers into so-called bot nets.

But they're examples of a trend by hackers to use vulnerabilities in web applications to attack computers without having to rely on someone to open an infected e-mail.

Bot nets are armies of computers, sometimes numbering in the thousands, that can be used for sending spam and spyware, fishing for confidential financial information and even mounting mass attacks on corporate or government networks.

They're highly prized in the cyber underworld, sometimes rented out by their operators to criminal gangs to commit fraud and theft.

The media player and Mozilla problems are examples of how new vulnerabilities can have potential consequences in a cyber world increasingly stalked by sophisticated criminals, says Turner.

"Right now that's the future of these sorts of attacks," he says.

Symantec, which sells the popular Norton computer security product line, on Tuesday released its threat report for the last half of 2005 and its February 2006 update that outlined the latest vulnerabilities.

The reports, based on data from Symantec's worldwide network that closely tracks cyber threats, said the use of malicious code for profit continues to grow.

Threats that could reveal confidential information rose to 80 per cent of the top 50 malicious code samples, up from 74 per cent in the first half of 2005.

The use of modular malicious code accounts for 88 per cent of Symantec's top 50 list, up from 77 per cent in the previous six months.

Modular malicious code is especially dangerous, Turner said in an interview from Calgary, because initially it looks fairly innocuous. But it can open the door for the hacker to later load more dangerous programs into the vulnerable machine.

In the case of Microsoft's media player, for instance, the danger arises when a user loads a web page embedded with a malicious media tag that triggers an overflow error in the media player.

To be exposed, users don't have to open a suspect e-mail; they merely have to click on the infected item contained in the web page.

"We figured that it's likely that attackers are going to try to take advantage of a vulnerability in web applications and then leave behind a trojan very quietly, very stealthily, and use that to then take advantage of a vulnerability in the web browser to infect the machine," said Turner.

"That's when we're going to see a real boom, the next big one."

Bot-net activity actually appeared to drop in the last half of 2005 but Turner said the statistic is deceiving.

"What that indicates is that these guys are getting that much more stealthy and they know that large ISPs (Internet service providers) and governments are looking for the activity bot networks exhibit and they're shutting them down," he said.


"These things are such valuable resources to these guys - again primarily because of financial needs - that they're very careful about when they bring them on line."

Bot-net operators are notoriously hard to catch. While the United States is the No. 1 host country for bot nets and their command-control servers - Canada is No. 3 behind South Korea - the "bot herder" can live anywhere.

"Most of these guys will come through five, six, even 10 different machines in various different countries before they issue the command to do whatever they're telling the bot network to do," said Turner.

Once a software vulnerability is exposed, Turner said it takes less than a week for hackers to come up with an exploit for it.

And although the time lag has shrunk, it still takes about six weeks before software vendors issue a security patch.

The challenge is growing, Turner said, given the widening scope of threats that started by attacking Windows-based PCs and now are targeting Apple Macintosh OS X systems, networked video-game consoles, wireless handheld devices and even cellphones.

Regardless of the threat, the advice from security experts remains the same: set up a layered defence network that includes a hardware router, firewall, anti-virus, anti-spyware programs and up-to-date security patches for operating systems and applications.

Symantec posts information on the latest threats on its web site - www.symantec.com.

http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20060307/internet_vancouver_060307/20060307?hub=SciTech