Five top e-security challenges

http://infotech.indiatimes.com/quickiearticleshow/msid-23769 94.cms

Five top e-security challenges

Online crooks are quickly enlarging an already vast sales and distribution network to propagate spam and send malicious software in hopes of infecting millions of computers worldwide, according to a new report. Hi-tech criminals with information culled from job sites, online games or social networking sites are teaming up with phishing gangs and spammers.

The report released by the security software maker Symantec Corp says sophisticated thieves sell code to criminal middlemen for as much as $1,000 per programme. The middlemen then push the code to consumers, who may be duped into participating in a scam, or who may have their passwords, financial data and other personal data stolen and used by identity theft rings.

The report, which covers the first six months of 2007, draws on attack data gathered from more than 120 million computers running Symantec antivirus software and more than 2 million decoy e-mail accounts designed to attract spam and other shady messages from around the world.

The researchers detected more than 2,12,000 new malicious code threats in the first half of 2007 -- a nearly 200 per cent boost from the previous six months. Here's looking into the thriving underground economy.

http://infotech.indiatimes.com/quickiearticleshow/msid-23769 88.cms

It's all about money

Cyber crime had become increasingly professional and is now a multi-billion dollar industry. c is now mainly about making money by stealing data. The attacks are increasingly being launched by malicious computer code hiding in trusted websites that people visit regularly through their web-browsers.

The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.

Credit cards were the most common commodity advertised on underground economy servers that Symantec found, accounting for 22 per cent of all items.

The education sector topped all sectors for data breaches that could lead to identity theft, accounting for 30 per cent of all such data breaches over the first six months of 2007.

http://infotech.indiatimes.com/quickiearticleshow/msid-23769 85.cms

US leads

The sale of stolen personal information online continues to grow. The United States is the top country for so-called underground economy servers, home to 64 per cent of the computers known to Symantec to be places where thieves barter over the sale over verified credit card numbers, government-issued identification numbers and other data. Germany was second and Sweden ranked third.

The US is also the target of the most denial of service (DOS) attacks, accounting for 61 per cent of all such attacks worldwide in the first half of this year.

The report also says that Israel proved to have the most malicious activity per Internet user during the first half of the year, followed by Canada and the United States.

http://infotech.indiatimes.com/quickiearticleshow/msid-23769 81.cms

Herding Bots

China had the most computers infected by Web robots, or bots - software that performs automated tasks online, such as propagating spam, often without the knowledge or consent of the computer's owner. China had one-third the world's computers conscripted by "bot herders."

Bot herders are crackers who use automated techniques to scan specific network ranges and find vulnerable systems, such as machines with latest security patches missing, on which to install their bot programme. The infected machine then becomes one of many zombies in a botnet and responds to commands given by the bot herder, usually via an Internet Relay Chat channel.

Bot networks, networks of infected computers that are controlled by criminals, have a lifespan of 19 days in Canada, the longest lifespan of bot networks anywhere in the world.

http://infotech.indiatimes.com/quickiearticleshow/msid-23769 69.cms

Ready-made evil kits

A small number of malicious "toolkits" -- bundles of exploits that allow criminals to customise their own scams and attacks -- is responsible for a growing number of attacks.

Only three toolkits were responsible for 42 per cent of the 2.3 million so-called 'phishing' messages spotted and blocked by Symantec during the first six months of the year. Crooks use phishing messages to try and steal personal and financial information by tricking people into entering private information into bogus websites that look like the sites of legitimate brands such as banks or popular retailers. Such toolkits cost $300 to $800.

A widely available toolkit in early 2007 -- called MPack -- sold online for $1,000 and allowed users to launch attacks in Web browsers against people who surf on malicious or compromised sites. In some cases it appeared to come with a support pack from its authors, Symantec said.

http://infotech.indiatimes.com/quickiearticleshow/msid-23769 59.cms

Exploding numbers

The number of threats caused by malicious code has ballooned. In the first six months of the year, 212,101 new malicious code threats were reported to Symantec, an increase of 185 per cent over the previous six months.

But researchers agreed that professional-grade service agreements between cyber criminals and their agents was the most alarming trend.

Regards,
Tanveer😊😃