Articles  -    Page 6

Page 1 |  Page 2 | Page 3 | Page 4 | Page 5 | Page 6 
 Page 7 | Page 8 | Page 9 | Page 10 | Page11
Return to Articles Index Page

2006 was the year cyber-criminals targeted everything from MySpace to Wikipedia.
Computer security experts said 2006 was also the year hacking stopped being just a hobby and became a lucrative profession for computer developers and software sellers.
Like true business people, hackers not only broadened their reach by attacking popular social networking sites, they also diversified their product line by launching attacks through popular software applications like PowerPoint and Adobe Reader and expanded their activities overseas. Software makers trying to stop online crooks claim they’re bracing for a new level of nastiness in 2007, including websites booby-trapped with software that automatically loads itself on the machines of users.
“Hackers realise they have a limited time before their attacks are blocked, so they are opening up their arsenal and trying everything possible,” says Yuval Ben-Itzhak, of internet security company Finjan Software.
Alex Eckelberry, president of Sunbelt Software, expects attackers to target Windows Vista, Microsoft’s new operating system.
“The problem is Microsoft has thrown down the gauntlet and said, ‘We have a secure operating system’,” he said.
Eckelberry, whose company is developing software for Vista, says his developers have already found bugs – an indication that the software could be vulnerable.
Microsoft has already acknowledged one Vista flaw.
Meanwhile, the criminal underground has begun peddling information about Vista’s vulnerabilities – one of the many ways that unscrupulous programmers have found to profit from their expertise.
Other scams include combining a traditional pump-and-dump stock scam with the takeover of online brokerage accounts and renting out vast networks of zombie computers, known as botnets, to other digital desperados.
“The first viruses were nothing but mischief,” says David Moll, chief executive of Webroot Software.
“Now that there is money to be made, it has changed the game entirely.”
“Cybercriminals are now more creative, organised and business-savvy,” according to a recent report from Websense, a San Diego computer-security company.
“True ‘companies’ have emerged, producing and selling toolkits and developing business-partner programs that enable less-technical, ‘traditional’ criminals to steal data and make money - lots of it.”
It used to be that the biggest cyberthreats came from e-mails infected with pernicious worms and viruses. No longer.
According to Ben-Itzhak of Finjan Software, the web itself is spreading infections, thanks to tens of thousands of sites carrying code that is designed to let an outsider steal information from someone’s computer.
Some of the code is designed so that it automatically downloads itself the minute a user accesses a web page.
Other sites prompt a user to accept what seems to be legitimate software but is actually a malicious program.
In 2006, some MySpace users who had forgotten to patch their computers were infected by a banner ad that silently installed spyware on their computers, according to iDefense Labs, a division of VeriSign.
According to websense, during the first half of 2006 there was a 100 per cent increase in sites designed to install forms of “crimeware” that could log keystrokes or record information entered into online forms.
Altogether, Websense counted 16,663 sites that carried code for stealing passwords, including banking passwords, during that period.
Microsoft’s security team, which has one of the most comprehensive sets of data on security risks, says it removed 10 million pieces of malicious software from nearly 4 million computers during the first half of 2006.
The technique of creating deceptive web sites is known as phishing. According to the AntiPhishing Working Group, the number of phishing sites reported to the coalition increased 70 per cent to 26,877 in October, compared with 15,820 in October 2005.
Booby-trapped sites turn up in search results. A recent study by McAfee, a California security-software maker, found that 1 in about 1,000 web sites appearing in popular search results carried code designed to attack someone’s computer.
McAfee provides a free Site Advisor software plug-in that alerts users about potentially dangerous sites. In addition, in early November, Google started warning users who clicked on search results that Google believed could be dangerous. In an explanatory note posted in its web-search help centre, Google said the sites it flagged could carry software that could “delete data on your computer, steal personal information such as passwords and credit card numbers, or alter your search results.”
Other companies, like Exploit Prevention Labs, sell software that is designed to prevent malicious code from hurting people’s computers as they wander the web.
Security experts say the most important thing that ordinary internet users can do is to make sure all the software they use is up to date, and that they run anti-virus software, a firewall and a spyware scanner.
“The rules for happy living on the internet are to patch your machine religiously and don’t install or view attachments unless you are sure of what you are getting,” said Eckelberry of Sunbelt Software.