Results tagged “virus” from International Beat

Web Attackers Tarnishing 'Reputed' Websites


The recent discovery by Websense Security Labs, a California-based security research firm, of cyber criminals paying the search engine Google to host their malicious websites is certainly one of the most unnerving examples of how dangerous e-crime is becoming. But perhaps the scarier part of the new face of e-crime is the fact that it has evolved from simple spam or phishing attacks to organized criminal activities where investments are made to create a trap for luring unsuspecting users.

It has also taken on the specter of web terrorism, say some experts, and this can make even surfing the web frightening. Admittedly, how else can you describe the plight of clicking on a sponsored link as part of regular surfing only to be led to sites created by cyber-criminals for malicious purposes? And especially when such links are sponsored links hosted by none other than 'reputed' and 'trusted' websites like Google and Yahoo.

In a startling revelation a week ago, Websense said that in its weekly surveillance of millions of web sites, it spotted a download site offering a popular utility bundled with malware. The malware infects the computer that downloads the software and forces the user to pay $40 to clean it up. (Visit the link http://securitylabs.websense.com/content/Blogs/3264.aspx for details.)

On the surface it may look like just another smart money-making move by e-criminals, but according to Elad Sharf, the Websense security researcher who discovered this malware, this is an offence of serious proportions because it demonstrates "how the reputations of legitimate and popular applications and online services are being abused to serve and help malware authors to spread malicious software."

He adds, "Everybody has favorite applications and tools. When it is time to find and download a copy of an application, Google is often used to help locate a download site."

And that's what makes this discovery terrifying. Indeed, it is no longer a novelty that the volume of legitimate web sites getting compromised with malicious code continues to surpass the number of sites created by attackers specifically for malicious purposes. Increasingly, cyber-criminals have started latching onto web sites that everyone trusts to launch their attacks on unsuspecting web surfers.

Websense says attackers have become sophisticated enough to take advantage of flaws in traditional security measures and bypass reputation-based systems to increase their attack effectiveness.

According to Websense the strategy to attack legitimate Web sites with good reputations worldwide with data-stealing malicious code has reached massive proportions. For instance, in the first half of 2008, more than 75 percent of the top 100 web sites with seemingly "good" reputations were compromised by attackers. This represented a 50 percent increase over the last six months.

Some of the sites named by Websense include MSNBC, ZDNet, Wired, and United Nations. In addition to these sites, says Websense, email spammers are also taking advantage of the reputation of popular email services like Yahoo! and Gmail to bypass antispam systems.

Websense Security Labs found spammers using sophisticated tools and bots to break the "CAPTCHA" systems that were developed to keep email and other services safe from spammers and other malicious activity. Microsoft Live Mail, Google's popular Gmail service and Yahoo! mail services were all compromised by this breakthrough method.

Subsequently, spammers have been able to sign up for the free email accounts on a mass basis and send out spam from email accounts with good reputations. With a free signup process, access to a wide portfolio of services and domains that are unlikely to be blacklisted given their reputation, spammers have been able to launch attacks on millions of users worldwide while maintaining anonymity.

"Clearly, these are terrifying developments," says Kaustubh Dhavse, Deputy Director (ICT practice), Frost & Sullivan. "For a simple user like you and me, it is getting increasingly difficult and scary to use the web. After all, if trusted websites like Google and Yahoo can be compromised, who knows what may be lurking inside all the unknown links that a web surfer clicks every day."



Hackers Now Ride on Antivirus Software for Snooping


Having exploited scores of security measures adopted by experts to make IT networks secure, hackers have started riding on antivirus software as well to sneak into computers and networks.

iViZ, an Indian information security company that offers penetration and vulnerability testing for applications and networks, has just discovered a new technique that hackers and e-criminals are using these days to break into computers -- crashing the antivirus software itself.

iViZ says hackers have developed code that can make antivirus software crash and create a loophole in the network, which can then be used to plant malicious code on a computer. The company says that so far, it has spotted 6 popularly used antivirus software products, both commercial and open source, which hackers have been able to break into. These are AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender and Avast.

Explaining how hackers trespass on a seemingly secure system and break into it by exploiting its antivirus software, Bala said that an attacker first crafts an email with a malicious payload and sends it to the target user. As the vulnerable antivirus software scans the email, the malicious code, crafted specifically to exploit that antivirus, either crashes the antivirus software or executes arbitrary code to get around security and implant further malicious code on the computer.

"Once this malicious code is nestled in a computer, the attackers can use it to steal information or cause a denial of service condition," said Bala Girisaballa, vice-president (head of product management & marketing), iViZ.

A dedicated research team at iViZ, which conducts extensive research on attack techniques and checks the robustness of applications and networks, stumbled upon the vulnerabilities while trying to penetrate networks protected by popular commercial and open source antivirus software products.

Using a variety of file fuzzing techniques, the team discovered abnormal behavior in these products while handling complex or unusual executable header data, especially in the case of executables packed with third-party packers like UPX, FSG, etc.

Multiple bugs were found in those six antivirus products, some of which proved to be vulnerable enough to make the antivirus itself a back door for hackers. "So far we have come across six that we have named, but there may be more which we haven't been able to identify yet," says Bala. "The makers of the affected antivirus software vendors have been informed. Many admitted [the problem] but we have also faced denial."

According to iViZ, although home computers are affected most by this breach, companies and businesses, as well as government departments, are also highly susceptible to its risks.

Indeed, e-criminals always manage to remain a step ahead, don't they? And their turf keeps expanding, not sparing even the big-daddy security experts. For instance, yesterday, in another shocking revelation, Microsoft announced that there is a security flaw in its Internet Explorer 7, the world's most popular Web browser.

This flaw, like those in antivirus products, allows criminals to take control of computers and steal personal information. "We are actively investigating the vulnerability that these attacks attempt to exploit," Microsoft said in a statement. "We will continue to monitor the threat environment and update this advisory if this situation changes."

Microsoft added that about 0.2 per cent of Internet Explorer users have already been affected by the flaw.

Poster by Oliver Hammond. Creative Commons License Attribution-Noncommercial-Share Alike 2.0 Generic.

 


