Summer’s warmer temperatures are upon us, but don’t expect cyber crooks to take any vacation.
In fact, security specialists say scammers and spammers are heating up Internet traffic with some new tactics that enable them to launch attacks undetected by most service providers and corporate Web filters.
Here are a sampling of some of the most recent strategies and assaults uncovered by experts we spoke to.
Targeted attacks
Small is beautiful. Spam artists are shunning large scale e-mail blasts in favour of targeted strikes.
Companies in the U.S. are still abuzz about a spoofed e-mail purporting to come from the Better Business Bureau (BBB) that was sent primarily to c-level executives of several corporations a couple of weeks ago.
The message actually contained malicious code that infected a victim’s machine with a keystroke logger. The code records the keystrokes typed by the user when carrying out such functions as Web-based financial transactions.
The BBB scam illustrates a growing trend towards smaller attacks to “fly under the radar” of Internet Service Providers (ISPs), according to Sam Masiello, director or MX Logic Inc, an Englewood, Col.-based Web security firm.
In the past, spam operators “cast a wide net” to entrap a many victims as possible. The downside of this tactic is that ISPs immediately recognize an attack is underway because the large traffic volume is often a dead giveaway, Masiello said.
By contrast, the BBB scam message was directed only to top-tier executives and even had the company name of the target firm in the body of the letter.
“This doesn’t mean blast e-mail is dead. It only means we’ll see more localized attacks from now on.” Masiello said.
SSL resistant keystroke loggers
Secure Socket Layer (SSL) cryptographic protocols are used to provide secure communications on the Internet for Web browsing, e-mail, Internet faxing and instant messaging. The server-based tool helps prevent hackers from decoding messages and encrypted vital personal information such as sign-on IDs and passwords.
However, the keylogger code used in the BBB scam is able to circumvent SSL capabilities of Web sites because the logger captures the keystrokes “directly from the source,” according to MX Logic’s Masiello.
“The keylogger employed in the BBB scam doesn’t read the keystrokes from the message being sent by the victim. It snatches the strokes from the keyboard as the user is typing them.”
Better crafted fake security software
Some scammers don’t even try to skirt encryption – all they need is a catchy banner and some well-played social engineering to get victims to click on a “loaded message,” says George Moore, threat researcher for Cupertino, Calif.-based security software firm Trend Micro Inc.
He said one enduring trend is the use of deceptive pop-up messages that “have the look and feel” of legitimate security applications.
“In the past, rogue anti-spyware applications have risen by as much as 500 per cent. We’ve found them in two to 10 per cent of computer infections scanned by Trend Micro.”
Bogus security alerts are much better crafted these days, “particularly those mimicking the administrative pop-ups in Windows Vista,” Moore said.
Typically, users will be bombarded by pop-up messages informing them that their machine is infected with a virus. The pop-up will then instruct the user to download an anti-virus application.
“In some instances, victims are fooled to buy ineffective software. On other occasions, the victim is directed to a site where the computer is infected with a malicious code,” Moore said.
Rogue anti-spyware in MySpace too
The growth of Web-based social networks is a boon to cyber criminals, according to Moore.
For instance, faked anti-spyware is now popping up in online auction sites and peer-to-peer networks, he said. “We’ve received reports that these products are appearing in Google ads, instant messages and even in some MySpace profiles.”
Moore said some MySpace profiles contain links to or endorsement of bogus anti-spyware products.
Best defense
Spam and the business of guarding against it is an ever changing multi-billion dollar market according to one Canadian tech industry analyst.
“Even as new technology is developed to battle botnets, criminal hackers will continue to evolve strategies to dodge detection,” says Darin Stahl, lead analyst for consultancy firm Info-Tech Research Group Inc. in London, Ont.
He said despite the more than US$61 billion spent by North American companies on IT security last year, “spam and botnets continue to grow.”
“Corporations are doing a good job in deploying firewalls and filters and erecting barriers. It’s the individual users that are the weak link,” Stahl said.
“The best way to defeat spam is not to click on the message.”
QuickLink 071749
