Security Information |
|
Why Malicious Programs Spread So Quickly?
It seems that nowadays cybercriminals prefer cash to fun. That is why malicious programs of various kinds (viruses, worms, Trojan horses, etc.) are very often aimed at stealing valuable -- in a direct sense of this word -- private and financial information. When written, these programs are spread all over the Web. What do means of their distribution have in common? Thinking a bit about it will help us ordinary Web users realize how to behave online and what to avoid. Let's use logic and good old common sense. What do you think are the most suitable (for a criminal)means to spread malicious code? The answer is almost obvious. It is something which, first,ensures his anonymity and, second, offers victims (i.e. us) very little or no protection against malware. Last, but not least -- this means should be very cheap or, even better, free. (I'll confine myself to mentioning only those means which endanger EVERY Internet user. Not everyone exchanges files or downloads music and freeware. But is there anybody who doesn't send and recieve email or visit websites?) Well, if you were a cybercriminal who wanted to spread a malicious program quickly and as widely as possible, how would you distribute it? What first comes to mind? First, sending contaminated emails through spam. It is possible (and not too difficult for, say, a programmer) to enclose virtually anything into the attachment. With more effort, a programmer can create a message without any attachments that will infect a PC anyway. Though many email service providers offer basic anti-virus protection, they aren't obliged to do it. How effective this protection is -- that's another question. Besides, spam is very cheap to distribute. Of course, spammers of all stripes don't use their own machines. Why should they? They prefer PCs which became remotely controlled after being infected with a special program. Cybercriminals build huge networks of such machines and hire them out to spammers. Using "bots" (they are also called "zombies" or "slave computers") gives a spammer so valued anonymity -- spam messages come to frustrated PC users from IP addresses registered somewhere on the other side of the globe. What about other possibilities? Websites. Malicious websites are very dangerous.Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for stealing information. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) -- so the information is captured even if the user doesn't type anything, just opens the views the file. Blogs can be contaminated with malware, too. In April experts from Websense Security Labs warned users that they discovered hundreds of these "toxic" (contaminated with malcode) blogs set by hackers. Blogs are suitable for them: there are large amounts of free storage space, no identity authentication is required to post, and there is no scan of posted files for viruses, worms, or spyware in most blog hosting services. Three months passed, and here is the quote from a new Websense report released this Monday, July, 25th : "hackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code?" This July Websense detected that these sites are used for this purpose much more often. The company's senior director of security and technology research said that "in the first two weeks alone we found more instances than in May and June combined." By all means it's a tendency, and a very disturbing one. Such sites are free and easy-to-create. With the average lifespan of between two and four days, they are difficult to trace. Free hosting services rarely offer even basic security tools. Short-lived websites,no files scanning for viruses, nothing prevents "authors" form uploading executable files - isn't such a site an ideal tool for distributing malicious code? Anonymity of the creator -- no end user protection -- no cost. What else can a cybercriminal wish? That is why there was the outbreak of "toxic blogs" in April - and that's why infested free websites are multiplying so quickly now. But how to contaminate as many computers as possible? It is the aim of cybercriminals, isn't it? The more traffic, the more programs lands on end users' computers. Hackers attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). They are ingenious in finding new ways to make people open an attachment or click on a link to visit a certain website, though people are constantly told not to follow links in spam. Just some of their dodges -- disguising infected spam emails as CNN news alerts, subject lines with "breaking news" like "Osama bin Laden caught", "Michael Jackson tried to commit suicide". How about celebrities in the nude? Just click! And, one of the latest, an "amateur video" that ostensibly shows London bombing sights. These (and similar) tricks are usually called social engineering. Online criminals have become good psychologists -- the big bucks which crimes like online bank fraud can bring turned them into earnest students. However, there is one thing that spoils the mood of those who spread malicious programs. To hackers' deep regret, people become more aware of the risks they face in the Internet. A study by Pew Internet and American Life Project released on July 6th shows that: 91% (!) of respondents (adult Internet users from the U.S.) changed their behavior online one or way another.81 % have become more cautious about e-mail attachments48 % have stopped visiting certain websites which are said to be harboring malicious programs People stop using file-sharing software (25%) and even start using Mozilla, Firefox or other browser instead of Internet Explorer (18%) Well done! Actually, there is nothing left for us users but to become more conscious of the threats and more cautious in the Web. Every PC user has to care for his information himself, protecting his own computer against numerous data-stealing programs of all sorts. But don't you think that protection against various malicious programs shouldn't be only end users' private business? It is up to service providers to offer at least basic protection for end users and break this "triad" (Anonymity of the creator -- little or no end user protection -- little or no cost) which enables all this crap to spread so easily. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various products and services for information security. Software aimed at making identity theft impossible, services like protected email and protected Web hosting are only small part of what this company offers. Learn more -- visit the company's websitehttp://www.anti-keyloggers.com
MORE RESOURCES:
'Blow the whistle': Indiana's top election official spends $35k on security guide mailings • Indiana Capital Chronicle Indiana Capital Chronicle Violence in New Caledonia subsides slightly as France sends reinforcements for security The Associated Press Canada security intelligence chief warns China can use TikTok to spy on users, CBC reports Reuters.com House Passes Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations Israel Resists Grand Bargain as U.S. and Saudis Work on Security Pact The New York Times U.S.-Ukraine Security Entanglement Risks Forever War The American Conservative Sean 'Diddy' Combs Allegedly Paid $50K to Obtain Hotel Security Footage of Cassie Assault: Lawsuit PEOPLE Women are worried about their financial security. That may affect the 2024 presidential election CNBC Palo Alto Networks and IBM to Jointly Provide AI-powered Security Offerings; IBM to Deliver Security Consulting ... IBM Newsroom Now armed with AI, America's adversaries will try to influence election, security officials warn The Associated Press Is AI the future of school security systems? Yahoo! Voices Security video appears to show Sean 'Diddy' Combs beating singer Cassie in hotel hallway in 2016 Washington Times Nuclear security through the eyes of the Co-Presidents of ICONS 2024 International Atomic Energy Agency Appropriators Lead Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations Security footage calls into question Anchorage police account of fatal shooting Alaska Public Media News Security Council Secretary: 'Not an Inch of Armenian Land Ceded to Azerbaijan' • MassisPost Armenian News by MassisPost FCC proposes BGP security measures Network World Identity Management and Information Security News for the Week of May 17; Exabeam, Saviynt, VAST Data, and More Solutions Review Canada Releases Defense Policy Update to Boost Security Department of Defense New Survey Finds a Paradox of Confidence in Software Supply Chain Security Security Boulevard EXCLUSIVE: Two students uncover security bug that could let millions do their laundry for free TechCrunch NATO and Economic Security: A Political Oxymoron or Inevitability? CSIS | Center for Strategic and International Studies Amazon security guard tries to kill unsuspecting boss before he's shot dead in gunfight with police: 'He almost executed me' New York Post Endpoint Security and Network Monitoring News for the Week of May 17; Alkira, Preamble, c/side, and More Solutions Review RSA Conference 2024: AI and the Future Of Security Security Boulevard Diddy Seen Physically Assaulting Cassie in Never-Before-Seen 2016 Hotel Security Footage Entertainment Tonight Putin has ditched his paranoid security chief. Here are 5 of the wackiest things Nikolai Patrushev has said. POLITICO Europe Fox News Poll: Abortion, economy, and border security are top deal-breakers in 2024 elections Fox News 7 months since Oct 7, UN Security Council holds first meeting entirely dedicated to Israeli hostages in Gaza All Israel News See cops working security at Tacoma grocery stores? Here’s why and what policies allow Tacoma News Tribune OWASP dep-scan: Open-source security and risk audit tool Help Net Security Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. - The Washington Post Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. The Washington Post UN sexual violence envoy pulls out of Security Council briefing on Hamas hostages The Times of Israel May 17: IDF fighter jet carries out rare strike on target in West Bank city of Jenin The Times of Israel Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion Security Boulevard Votiro Keeps Up the Momentum in 2024 Security Boulevard An inspector general warned the Justice Department of gaps in its security clearance appeals process Government Executive Multnomah County Signs $40 Million Contract for Armed and Unarmed Security at County Facilities, Including Public ... Willamette Week A Free, Prosperous, and Secure Future for Ukraine - United States Department of State Department of State JLOTS, an obscure Army-Navy capability, arrives in Gaza NavyTimes.com Cybersecurity Insights with Contrast CISO David Lindner | 5/17/24 Security Boulevard America's Envoy to the United Nations Gets 'Honest' With Security Council About the Fate of Hamas's Hostages The New York Sun Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds Security Boulevard The situation concerning Iraq - Security Council, 9628th meeting Welcome to the United Nations The Dell API Breach: It could have been prevented Security Boulevard Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta Security Boulevard 'Abnormal' security video, Google Drive led to Stephan Sterns' arrest in Madeline Soto case, documents show WKMG News 6 & ClickOrlando USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Aware... Security Boulevard Making Safety and Security Intrinsic to School Design Campus Security Today U.S. Security Cooperation with Ukraine - United States Department of State Department of State Belgium cuts off ticket sales for soccer match against Israel over ‘security concerns’ The Times of Israel Security fog machine helps deter burglars from Chatsworth business FOX 11 Los Angeles Donald Trump to visit St. Paul. What are the security expenses? St. Paul Pioneer Press Galaxy Tab S9 lineup gets Android's May 2024 security update SamMobile - Samsung news French security forces impose 'calmer' situation in New Caledonia under emergency powers FRANCE 24 English In first, UN Security Council holds meeting solely focused on hostages held by Hamas The Times of Israel |
RELATED ARTICLES
Dont Allow Hackers to Take Out Money from Your Bank Account If you know what is the 'Fishing' then it's very easyto understand the definition of 'Phishing'. Justreplace letter 'F' from the word Fishing with 'Ph'. Firewalls: What They Are And Why You MUST Have One! A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. Click Here To Defeat Evil Microsoft routinely releases new security updates, many of which are given it's highest severity rating "critical". Here's a typical announcement:"A security issue has been identified that could allow an attacker tocompromise a computer running Internet Explorer and gain control over it. Information Security for E-businessmen: Just a Couple of Ideas If you constantly deal with bank or electronic accounts, it must beyour worst nightmare--to wake up and learn that you are a bankrupt.Some crook stole your personal data and all the money you have beensweating blood for years has flown to somebody else's account. Personal Firewalls - Secure Your Computer There has not been a time in the history of the personal computer that firewalls and anti-virus programs have been more necessary and in-demand. Today, personal computer security is not only threatened by viruses and worms, but also by spyware - those severely annoying programs that are illegally loaded onto your computer from the internet. Fishing for Fortunes. Scam! Spelt phishing, but pronounced as above, this despicable act is an effort to batter your bankroll or commandeer your cash.To put it simply, you can get emails from account administrators, which strongly urge you to update details attached to that account. How To Avoid Hackers From Destroying Your Site? Recently, my site and other internet accounts ( http://www.nabaza. A Painless Plagiarism Solution A crowded marketplace can lead to unethical webmasters using underhand techniques to get ahead of their competitors and online plagiarism is one of the easiest.I had worked hard on the copy for my sales page at Watch Live Football (http://www. Spyware Attacks! Windows Safe Mode is No Longer Safe Many of us have run into an annoying and time-consuming error. With your machine running goofey you decide to run a scan for trojans and spyware. Preventing Online Identity Theft Identity theft is one of the most common criminal acts in society today. Criminals will use your personal information such as banking accounts and passwords, to pretend that they are you. Secure Your PC From Hackers, Viruses, and Trojans Viruses, Trojans and Spyware: Protecting yourself.No user on the internet is safe from assault. How To Be Your Own Secret Service Agency So you want to know who your kids are chatting with. Or if your spouse has a blossoming e-mail romance. Web and Computer Security Well, if that would have been said to me by my father when I was 2 years of age, I would have understood. But when today, my own computer tells me that when I am 34, I wonder why I spent $1500 on my computer hardware and software just to enjoy the (un-realized) benefits of this great and revolutionary information technology?Today’s cyberspace is hazardous. Why you Must Secure your Digital Product and Thank You Web Page A couple of years back, I paid my dues the 'hard way'.My web site was up and running, the sales letter had been 'crafted' with the most influential marketing techniques and the profits had been consistently coming-in, until. Network Security 101 As more people are logging onto the Internet everyday, Network Security becomes a larger issue. In the United States, identity theft and computer fraud are among the fastest rising crimes. An Open Letter From a So-called Stupid Someone recently told me, "You would have to be a stupid to lose your personal information." While I respectfully responded to this person in the moment, the comment has stuck with me. An Open Door To Your Home Wireless Internet Network Security? This is not some new fangled techno-speak, it is a real tool to be used for the protection of your wireless internet network and LAN. African American SMBs have to realize that if your Internet connection is on 24/7 then your network, and it is a network that your computer is connected to, is at risk. Can I Guess Your Password? We all know that it's dangerous to use the same password for more than one program. If you sign up for a program run by someone of low moral fibre, what is to stop them running through various programs with your username and password to see what they can access? But of course remembering all the different passwords can be a headache. How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer If you use the internet, you have probably been infected with a virus, trojan or spyware. According to the SANS Internet Storm Center, the average unprotected PC is infected within 20 minutes of normal internet usage. Blogs as Safe Haven for Cybercriminals? To blog or not to blog? Well, why not? Lots of people like either to write or to read blogs -- sometimes both. The much-quoted survey by the Pew Internet & American Life Project, says 27 percent read blogs. |
home | site map |
© 2006 |