A year after the Storm Trojan attacks started, security experts are predicting botnets, instant messaging and social networking sites will continue to pose a threat to corporations that allow their workers Internet access.
“I think we’re going to see a rise on this front,” Derek Manky said of the botnet threat, whereby hackers use other people’s machines as “zombies” to distribute massive quantities of spam, Trojans and unsolicited messages. “Their goal is to grab a wide international base of zombies and botnets” for mass mailings.
Manky is the Vancouver-based security research engineer for security hardware manufacturer Fortinet Inc. of Sunnyvale, Calif.
Fortinet this week published the 10 most reported security threats of December, 2007.
Five of the threats – including W32/Netsky!similar, which topped the list – were mass mailings. Fortinet’s global security research team said 11.05 per cent of reported activity was Netsky!similar, and the company said malicious Web pages were a major cause of security incidents.
Other vendors also predict a spike in botnet activity. Islandia, N.Y.-based CA Inc., for example, predicts the number of computers infected with bots will “increase sharply” in 2008. According to its Internet Security Outlook Report, released yesterday, CA said bot-herders are changing their activities and will use instant messaging (IM) to recruit zombies.
Brian Grayek, vice-president of product management for CA’s Internet security business unit, said IM is becoming a security hole partly because many users don’t realize they already have Windows Messenger on their machines.
This presents a security threat to companies because so many employees use IM, said James Quin, senior research analyst for Info-Tech Research Group of London, Ont.
“The use of IM as a tool has grown very, very quickly to the point that IM is used ubiquitously in most enterprises,” Quin said, adding it’s not always easy for companies to prevent employees from using IM.
“There are organizations that have policies against the use of IM, but unless you’re using an appropriate tool, you can’t actually enforce that policy, and that’s one of the reasons IM is becoming the threat vector that it is,” he said. “Filtering out IM traffic versus non-IM traffic from the web stream requires specialized security solutions and very few organizations have those tools in place at this point.”
Quin recommends companies purchase HTTP firewalls to help detect instant messaging traffic.
“A normal firewall looks at anything in the HTTP stream and says, ‘Yeah, it’s Web traffic, it’s okay, I’m going to let that through,’ and it can’t get down into the specific applications that are being hosted in that stream.”
Another security vulnerability is social networking sites, such as Facebook, because so many people are using them, Manky said. Crooks are posting links to phishing sites on wikis, blogs and social networking sites in attempts to entice users to visit these sites and enter sensitive information, he added.
“Cyber criminals are tracking high traffic sites now,” he said. “Social networking means high traffic, which results in more cold, hard cash.”
Fortinet predicts security holes in operating systems and browsers will also pose a threat, and recommends that, where possible, organizations switch to Linux. Those who need Windows as their platform can still get some protection by using Opera instead of Internet Explorer as their browser, Manky said.