Slashdot Mirror


Cyber Crime Hits Big Time This Year

An anonymous reader writes to point out the Washington Post's analysis of this year's spike in junk email and online attacks, such as botnets and worms. Image-embedded spam emails made up an amazing percentage of all messages sent in the months of October and November, and something like four million bots are actively adding to that total. These botnets are also increasingly connected to organized crime, as are 'independent' hacker groups. The article goes on for three pages, and doesn't have a lot of hope that 2007 will look a whole lot better. From the article: "Experts worry that businesses will be slow to switch to the [Windows Vista]. And even if consumers rush to upgrade existing machines or purchase new ones that include Vista, Microsoft will continue to battle security holes in legacy versions of Microsoft Office, which are expected to remain in widespread use for the next 5-10 years."


  1. "Experts worry that businesses..... by Anonymous Coward · · Score: 4, Insightful

    "Experts worry that businesses will be slow to switch to the [Windows Vista]. "

    Maybe because Vista isn't written for security or for the businesses, or for anyone who buys it, it's written for DRM and for the RIAA and MPAA.

    1. Re:"Experts worry that businesses..... by Anonymous Coward · · Score: 4, Insightful

      What do the RIAA/MPAA have to do with UAC, ASLR, or Kernel Patch Protection? I'm not saying that DRM features are not present (or even well implemented) in Vista, but to imply that Vista wasn't "written for security" is ignorance at its finest.

  2. Crime and technology by Esteanil · · Score: 5, Insightful

    As the number of people online grows, the crime scene grows with it (at a slight delay).
    A large enough number of people for crime to be viable online will stay gullible, no matter what we do.
    This is another one of those "Wars" we simply cannot win. We can try to educate the masses, but in general it will not work.
    A number of people within any social network will be defrauded somehow, and as they tell their stories (which most of them won't, afraid to seem a fool in the eyes of their peers), eventually these networks will become more resistant to attacks.

    We can design tools to help this process. But there will never be a technical tool to stop all, or even a significant amount of the crime and fraud that goes on out there.
    It's the American dream - everyone can make it rich, and some people will always think that it's the mail/phonecall/whatever they just received that'll make it happen for them.

    --
    I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.

  3. Thank you Spamthru & Warezov by GrumpySimon · · Score: 4, Informative

    Not much on specifics in TFA, but apparently the major increase in spam (mainly those pump'n'dump stock scams) appears to be due to the Spamthru trojan which is being dropped by Warezov.

    We've had a few stories on this before here and here.

  4. Jail one spammer a month by Animats · · Score: 4, Insightful

    What we need is more effective law enforcement. There aren't that many spammers any more. Look how few different spams show up. The top three or four spams represent most of the volume. We need a law enforcement effort aimed at finding the top ten spammers and putting them in jail.

  5. Old people! by autophile · · Score: 4, Informative

    An anonymous reader writes to point out the Washington News's analysis of this year's spike in telemarketers gulling lonely old people, such as lonely old men and lonely old women, out of their life's savings.

    "Experts worry that older people will be slow to switch to the [old folk's home]. And even if consumers rush to put in a home existing old people or purchase new ones that include no life's savings, younger folks will continue to battle security holes in legacy versions of the Old version of People, which are expected to remain in widespread use, and even grow, for the next 5-10 years."

    As long as there is prey, there will be predators. Stamping out the predators is a game of whack-a-mole, so the best solution is to try to educate the prey. And if you can't, well, what are you going to do? Legislate against it? Pfft!

    --Rob

    --
    Towards the Singularity.

  6. Detecting Click Fraud by broward · · Score: 5, Interesting

    A series of entries on my discovery of click fraud, how I detected it.
    I'm planning to work it into a Defcon 15 submission.

    http://www.realmeme.com/roller/page/realmeme/Weblog?catname=%2FClickFraud

  7. Re:This is all Microsoft's fault! by melikamp · · Score: 4, Insightful

    Microsoft has done quite a decent job of making this balance in Windows.

    What a joke. The following are purely design flaws which you cannot excuse by saying that they are being exploited only because Windows/Office are popular.

    1. By default, all userland applications are granted Administrator's privileges. I cannot think of a suitable comment for this stupidity.

    2. By default, IE is capable of running applets with the said privileges. This would be dumb even if they were user privileges. Executable code which affects the system should be downloaded and then run locally. Just two more clicks, but now even a very dim user knows that a program is being run, whereas before he assumed that he's just browsing the Web.

    3. The de-facto document exchange format, .doc, is imbued with executable code which, wait for it... runs with administrative privileges. Let's not whine about how .doc is not an exchange format, because it is. That's what people corroborate on and email each other for revisions. It has its flaws but it does a good job. Sticking VBA in it is like handing little Johnnie a vial of nitroglycerin and saying: now be a good kid; if you jump too much, you won't have a good time.

    4. Getting a program involves running an executable file. This is a very grave flaw in the design. Much malware would be curbed if MS switched to a good packaging scheme and eliminated the need of ever dealing with .exe (for a not-so-clever user, that is). Ubuntu can do it, why cannot Microsoft? On my laptop, the only program I ever had to install by hand was ies4lin. Everything else (and I am quite a whore when it comes to software) was available through the Multiverse. Once a user is shown the kosher way of installing new programs, i.e. from inside the package manager which talks to the trusted repositories, he will naturally regard standalone files as suspect, and most likely will not even encounter them.

    These are just off the top of my head. All four are atrocious decisions, given that catering to the lowest common denominator is in Microsoft's mission statement. All four became problems because MS chose to completely ignore the fact that every Windows computer is connected to the Internet. Why bother? The monopoly status works just fine.

  8. Not exactly. by khasim · · Score: 4, Insightful

    The vast majority of people who use computers have little idea how they work, or the difference between viruses and spyware and adware.

    Yes, I can agree with that.

    And it is not going to change. Which is why it is necessary for the OS vendors to ship their product so that the default configuration is as locked down as possible. In my opinion, Ubuntu achieves this in an admirable fashion.

    Linux may be extremely secure, but the reason it is hardly used as a desktop OS is because the vast majority of people don't know how to easily do what they need to do using it.

    Actually, that would be because of Microsoft's monopoly on the desktop. Breaking free of the monopoly takes a LOT of effort.

    To meet all users' desires, you'll always have to sacrifice some security for ease-of-use. IMHO, Microsoft has done quite a decent job of making this balance in Windows.

    Nope. Look at a Mac. Talk to Mac users. They don't need to become experts on their systems to use them more securely than Windows. This is because Apple has implemented a more effective security model than Microsoft.

    The fact is that you'll always have a lot of people who use the easiest thing available, even if it is insecure.

    But it is Microsoft that is using the monopoly to restrict access to more secure systems. Don't blame the users if the monopoly is actively trying to limit the options.

    You'll always have the people who turn off the firewall because it makes their IM program not work, you'll always have the people who ignore the 'This file may harm your computer!' dialog. As a result, malware, worms, etc. will always be a problem.

    Why do you have to turn off the firewall so you can run your IM program? Would you accept a car that you had to disable the air bag in order to play a CD? Ubuntu is effectively immune to worms because it, by default, does not have any open ports.

    Microsoft is skipping the FIRST rule of security: do not run anything that is not absolutely necessary.

    The reason that so many Windows machines are infected is NOT because they're running some IM client without a firewall. It's because the default configuration was insecure. Too many services that were not needed were running and vulnerable.

    If 100% of the Windows boxes start vulnerable - you need a LOT of extra work to secure them.

    If 100% of the boxes start without open ports - you'll need a LOT of extra work just to make them vulnerable.

    In the end, it all comes down to how much effort is needed. Start secure and you'll always win that scenario.