Tracking the Password Thieves

wiredog writes "From The Washington Post, yet another story about phishers, keyloggers, and viruses. The story is nothing new, but the author has a blog where he describes how he gathered the information that went into the story. Information including the locations of the victims, and the ISPs likeliest to be hit. Some of the victims included "an engineer for the Architect of the Capitol" and a man who "works in computer security for IBM." One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)" A compromised machine was also found in "the new accounts department at Bank of America" (Score!)"

Glad we picked the winner!

[phorest]

Comcast!

Re:A list could be good

[Sunburnt]

A list of vulnerable ISPs may help encourage those ISPs to help change.

Not so much as a series of lawsuits.

ISPs most likely to be hit

[DarkLegacy]

That chart simply looks like a demographic on the amount of users currently using those ISPs. As with spyware, it makes sense of course that the biggest population will be hit the hardest. That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

Re:ISPs most likely to be hit

[danpsmith]

That chart simply looks like a demographic on the amount of users currently using those ISPs. As with spyware, it makes sense of course that the biggest population will be hit the hardest. That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

That's true, and I understand this argument as it is a familiar one. However, some systems make inherently insecure choices and are slow or late to deliver patches (or in some cases, no patches are released at all). Look, everyone understands that all software security probably has holes in one way or another, but the fact of the matter is that the faster you patch those holes, the less chance you have of the ship as a whole sinking to the bottom of the ocean. And it also helps if you design the code based on security from the beginning instead of attempting to bolt-on security like it's another feature when it definitely isn't.

Re:ISPs most likely to be hit

[Stanistani]

>That's effectively why alternative operating systems are impenetrable to virii and other nasty things. They aren't looked at by the majority of the 'bad people' out there. :P

Ya know, I'm glad that was modded insightful, 'cause I don't think anyone's ever made that point on /. ever before...

Naah, just kidding! You're all right.

Re:ISPs most likely to be hit

[Sunburnt]

it also helps if you design the code based on security from the beginning instead of attempting to bolt-on security like it's another feature when it definitely isn't.

Or "letting the market handle it" by allowing your company's incompetence to effectively subsidize a third-party industry possessing only marginally more competence.

Re:ISPs most likely to be hit

[eMbry00s]

Like linux servers, then? No, wait - that just ruined your insinuation that the reason linux is secure is obscurity.

Anyways, with ISPs I would say the demographies are pretty equal (though I have no facts to back that up) - which means the amount of trojans per ISP would rise as the number of users increases.

Re:ISPs most likely to be hit

[samotano]

A simple incidence rate like (# attacks)/(total users) for each IP would have been much more informative.

Re:ISPs most likely to be hit

[pilgrim23]

So the gaping holes in Microsoft products, that any 16 year old with a few hours reading of a VB manual could exploit has nothing to do with it?
Submarine one: "We are sinking because we are the most popular submarine.
Submarine two: "uh, guy.. Try shutting your hatch"

Re:ISPs most likely to be hit

[maxume]

Has any other os been deployed so widely in a user-managed, hostile network environment? Windows may very well be shitty shitty shitty, but there isn't any reason to conclude that there is actually something out there that isn't shitty shitty shitty.

Re:ISPs most likely to be hit

[UbuntuDupe]

If you're referring to Linux, that's just not true. Certainly fewer home users have Linux, and those users are generally better-informed about security. However, the bulk of the security comes from a better design[1]. For one, regular users do not have the equivalent of Windows "admin" privileges. Also, the components are more de-coupled. Knowing how to crack the web browser does not automatically imply knowing how to exploit the word processor, or how to hijack all CPU cycles. Critical directory paths are not hard-coded. Even if 90% Linux penetration would divert hacker resources to Linux, it will still take longer for them to find flaws, and those flaws would be less severe.

[1] Yeah, yeah, yeah, yeah, I know, I've criticized Linux's design before and I know all the links you've compiled to my previous posts. No, I'm not contradicting myself. When I said the design was poor in the past, I was referring to a different aspect of it, that is, handling potential issues in installation. I stand by those claims. Linux's security aspect still has good design.

Re:ISPs most likely to be hit

[A_Non_Moose]

As with spyware, it makes sense of course that the biggest population will be hit the hardest.

Target rich environment, eh?

So goes the old addage "One million chinese people can't be wr^H^Hinfected, can they?

Or, "give a man a phish, and his accounts will be emptied, teach a man to phish and we'll hunt your dumb ass
down too!".

Re:ISPs most likely to be hit

[ericlondaits]

No, you're wrong.

Mapping from an external IP to an internal LAN IP is called NAT. NAT shouldn't be used as a substitute to a real firewall, though you'll find many people who think of NAT as a security measure.

Re:ISPs most likely to be hit

[thrawn_aj]

Also, if hackers are geeks and geeks have an inherent tendency to go Linux, they would be idiots to mess up their own world by writing Linux virii :P. So, I would say (even though I'm a windows user), that the Mac seems to be the most secure =D as whatever Mac users are, "geeks" they ain't :P.

Re:ISPs most likely to be hit

[Kadin2048]

I'd say that Linux-based webservers have withstood at least the same (or worse) adversaries and attacks that are plaguing Windows systems, and fared a whole lot better.

Although there are probably more home PCs than servers, the servers are much bigger targets. Until very recently, it wasn't that common to find a home PC that was sitting on a really fat pipe 24/7. Servers, practically by definition, have loads of bandwidth available. If you think that somebody's crappy Windows box getting turned into a spam zombie on their home DSL line is bad, imagine what it would be like to turn a significant fraction of a colo farm into zombies: you wouldn't just have a botnet, you'd practically have a supercomputer.

As anyone who's ever set up a machine running sshd on the default port, facing the internet, malicious persons are constantly looking for machines other than Windows ones to compromise. I get hundreds of attempts per day on my home server (which do nothing, except to get the originating IP added to hosts.deny) and I'm sure a commercial server that wasn't properly secured would get owned pretty quickly.

But the fact that the same malicious users who assumedly send out Windows trojans have to resort of brute-forcing the passwords on my SSH gateway, says something about the security models of each. To draw a physical-world analogy, they're actually picking the locks of the Windows machines; with my Linux box, they're merely rattling the knob and seeing if I've been dumb enough to leave it basically unlocked.

Now, it's true that a desktop/server comparison isn't totally fair: it's hard to trojan a server, because you don't have people sitting at its console, downloading and executing email attachments and other garbage. However, even on a Linux desktop, you'd have a harder time dropping a trojan, because it's harder to disguise an executable as a document and get a user to run it. (On most Linux systems, files are saved with the execute bit unset, so that someone would really have to try in order to "execute" that PPT file instead of opening it.)

Is it possible that there could be buffer overflows and arbitrary code-execution bugs in Linux software? Sure --- it's not immune, by any means. But particularly on externally-facing services, like sshd/apache/imapd/etc., the code is in use by and vetted by so many people, that I suspect the number of serious, exploitable bugs is fairly low, and they get fixed pretty quickly. With Microsoft, you just don't know. First, you have to wait for somebody to find a vulnerability, usually through some form of trial-and-error, because they don't have the code to review, and then you have to hope that they notify Microsoft instead of selling it to the Russian mafia, and then you have to wait for Microsoft to find a convenient time in their schedule to fix it (using whatever method they find expedient, which may or may not create other holes elsewhere; remember, you don't know what they're actually doing) and then release an update.

There are definitely Linux apps that have not had to withstand much in the way of scrutiny or life in a hostile environment, and that I wouldn't bet on the security of. But much of the underlying OS, and many of the most heavily-used applications, have a decades-long track record as some of the biggest targets on the Internet.

Re:ISPs most likely to be hit

[maxume]

Servers generally have 'competent' admins. Or a firewall policy. Everything you say about the resources available is true, but the weak link on home systems is generally weaker.

Re:ISPs most likely to be hit

[PrinceOfStorms]

Except that Submarine One got to be the most popular submarine by giving people what they wanted, namely a convertable submarine that allows all the sunshine in and saves all that hatch opening/closing time. If Submarine Two wants to be the most popular submarine, they're going to have to offer the same "feature".

Re:ISPs most likely to be hit

[HomelessInLaJolla]

Submarine One got to be the most popular submarine by giving people what they wanted Editorial suggestion: "Submarine One became the most popular submarine by advertising that everyone should want a submarine at a time when most people didn't know what a submarine was. The advertising was paid for using taxpayer money which was allocated in the form of research grants, business subsidies, and government backed low interest technology sector loans."

In short... a scam.

Re:ISPs most likely to be hit

[Random832]

Try using actual well-formed HTML - a

tag at the START of your first paragraph, followed by a

at the end and a

at the start of the second one, etc.

Or you could just do the easy way and type two line breaks with the enter key, if you're using "plain old text".

Re:A list could be good

[geoffspear]

I doubt it's the ISPs' fault; looking at the list it seems plausible that the "most likely" to be hit are simply the largest ISPs, so you'd expect the largest numbers of affected users to be using those ISPs.

Besides, if 2 supposed "network security" people got hit, do the ISPs really have any hope whatsoever in trying to educate their users to avoid phishing?

Re:A list could be good

[Balsamic+Moon]

"Likeliest to be hit" is a mislable. It should read "ISP's inept users" who allow themselves to become vunerable due to ignorance or carelessness.

This isn't some war between ISPs. The graph shows clearly what ISP had the most victims due to this virii. But even that isnt conclusive of anything because of the quantity of overall customers isnt revealed. Yeh sure we can say Comcast has the most, but they surely have more customers overall than say, oh Qwest.

Looking at the Distribution Map

[Gryle]

It would appear that nobody in South Dakota has an identity worth stealing. That's gotta hurt your pride.

Re:Looking at the Distribution Map

[LilGuy]

That's because I moved to Iowa.

AOL is at the bottom of the list

[Frosty+Piss]

Interesting how AOL is at the bottom of the list of ISPs likeliest to be hit. Who would have thought.

Re:AOL is at the bottom of the list

[gEvil+(beta)]

Either their customers are still busy trying to get onto the internet in the first place, or those spyware/adware tools that they've been shoveling are actually doing some good...

Re:AOL is at the bottom of the list

[vertinox]

What so surprising about not targeting a group that can't even figure out how to connect to the internet much less figure out they even have online banking?

Re:AOL is at the bottom of the list

AOL users being mostly dialup users likely has something to do with it. It's much easier for the phishing spyware to work when it has an active internet connection with which to report back. Even your most clueless AOL user would likely realize something is up if their computer "randomly" connected to the net all by itself.

Even if their thing only works when the user is already online, you need to get it to the person to begin with. Sending the payload over dialup may not be feasible.

Re:AOL is at the bottom of the list

[networkBoy]

Besides they're all pwned as open relays and proxies.
-nB

Re:AOL is at the bottom of the list

[clickclickdrone]

Probably because AOL have almost no customers anymore and those they do have can't find the on/off switch so the scammers know they're not going to get anything useful.

Re:AOL is at the bottom of the list

[clickclickdrone]

Well now, say what you want about AOL quality, but that's just bullshit.

Ya don't say?

It's the Russian mafia! Ahhh!

[PsEvo]

Charts are nice and all, but I would life to see more work done to prevent this. Or perhaps, don't let idiots use the computer (computer license). It's the only way! The biggest security hole in computers isn't the computer, but the user. :(

Re:It's the Russian mafia! Ahhh!

[geoffspear]

The problem is that you apparently need to make the requirements to get a "computer license" more stringent than those required to get a job in network security at IBM or a degree in information security. Good luck legislating that when you're going to have to take away the computers of everyone in Congress and all of their staff.

Re:It's the Russian mafia! Ahhh!

[LighterShadeOfBlack]

Charts are nice and all, but I would life to see more work done to prevent this. Agreed.

Or perhaps, don't let idiots use the computer (computer license). It's the only way! The biggest security hole in computers isn't the computer, but the user. :( And mugging and theft are up in my neighbourhood. It's all these old people. There should be a licence for walking the street! The biggest reason for crime is people who can't put up a fight. Euthanasia at 60 is the only way! :(

Seriously though, users should definitely be educated on computer security wherever and whenever possible (ie. as a fundamental part of job training and IT education in schools). But any talk of computer licences is ridiculous.

Re:It's the Russian mafia! Ahhh!

[protected_static]

But any talk of computer licences is ridiculous.

I would have thought so as well, had I not seen how Britain's TV tax unfolded a few years ago. I know the two situations aren't entirely comparable, but still... Many countries charge license fees for television access - how much of a leap would that be to internet access?

Re:It's the Russian mafia! Ahhh!

[geoffspear]

I'm fairly certain that the British don't need to prove they're not too stupid to watch TV to get a TV license, though, so what you're talking about has nothing whatsoever to do with that OP is suggesting.

Re:It's the Russian mafia! Ahhh!

[Pollardito]

The problem is that you apparently need to make the requirements to get a "computer license" more stringent than those required to get a job in network security at IBM or a degree in information security. Good luck legislating that when you're going to have to take away the computers of everyone in Congress and all of their staff. take away their computers, are you mad? but how will they get the internets that their assistants send them through the tubes?

Re:It's the Russian mafia! Ahhh!

[protected_static]

Nothing whatsoever? No, there's no user test for TV, hence my saying that they "aren't entirely comparable." But where I think you're missing the point is that it would be relatively trivial for a government to impose a licensing scheme upon users, therefore making the idea not quite so 'ridiculous.'

I mean really, what would the test consist of? How about a series of check boxes attached to your tax/license form stating that the user understands that they need to install anti-virus software/not click on random attachments/not respond to spam/not share files illegally along with another checkbox stating that the user understands that they may be held criminally liable should they fail to follow these or other 'safe computing' practices, oh, and by the way, if we find that you're engaging in any of these things, your ISP will be required to shut you off.

Boom. Done. Pay your fee please, you've just been licensed.

Re:It's the Russian mafia! Ahhh!

[Moofie]

"it would be relatively trivial for a government to impose"

That phrase gives me the screaming wiggins. ANY government imposition is, by definition, not trivial.

Re:It's the Russian mafia! Ahhh!

[protected_static]

I didn't say that I was in favor of such a scheme; just that it would be fairly easy for a government entity to implement...

Re:It's the Russian mafia! Ahhh!

[pipingguy]

Why are there not computer/internet security PSAs on television?

What exactly were they doing or not doing?

[ect5150]

While the above information in the article and above links is interesting, and you can sure feel for the victims, I'd be more interested in knowing what the individuals were or were not doing that allowed the viruses/hackers/keyloggers on the systems. Do these individuals/corporations not run behind a firewall? port blocker? run anti-virus software? run anti-spyware?

I'm not the end-all-be-all security expert, but when I help individuals set up a 'net connection, I make sure all firewalls are on (or the router they are using only allows the necessary ports needed for operations to be forwarded into the network). I setup free anti-virus and free anti-spyware as well. Are these places doing the same? Or do most of you guys [read: slashdot-readers] find that in general they don't?

Re:What exactly were they doing or not doing?

Do these individuals/corporations not run behind a firewall? port blocker? run anti-virus software? run anti-spyware?

The summary says that a machine was compromised at the Bank of America, though from my reading it seemed to just say at a bank. I happen to have some insight into Bank of America specifically. They run firewalls and configure IP access limitations on machines and run and expensive intrusion protection system that searches for this type of thing on their network. None of those, however, will stop a user from bringing an infected MP3 player into work, or in some cases installing software on their workstation. The real question is, did all of these people lose data and how quickly was it detected and shut down? Did the compromise spread?

Aside from that, implementing measures to make sure hosts aren't compromised in the first place is a good idea, but realistically these people are running Windows and the OS simply does not have the security needed to prevent malware from hitting the box and taking over in the first place.

Re:What exactly were they doing or not doing?

[LilGuy]

I do this as well, not for their benefit but for mine. I don't want calls at 2 in the morning complaining that the computer is a slow piece of crap and I need to come fix it. I set them up with the tools, let them know what they're for, and tell them that any additional support will cost them money.

Seems to work out well.

Re:What exactly were they doing or not doing?

[borkus]

It sounds like people opened one bad attachment and that was it. It's easy to blame them for that, but people get personal e-mail with legitimate attachments all the time. All it takes is one mistake to infect your PC. Also, the malware these days often does some devious things -

*Often, the software uses your copy of outlook to hit other people in your address book. Consequently, the infected messages often come from a trusted source - bypassing spam filters as well as the recipients normal level of suspicion.

*The messages often mirror a terse business communication ie, "Please review and respond" along with a safe looking file name. These are no longer the "click here for nude pictures" e-mails, but good impersonations of day-to-day business correspondance.

I think of a friend of mine who kept birds. Her boyfriend got her a cat (she was a big animal fan) and she figured she could keep both in her apartment as long as the birds were in a room with a door to it. Her plan was to close the door every day before she went to work so the cat couldn't get in there when she was out. Of course, she had several things she had to do every morning before going to work and the cat had only one thing to pay attention to - did she leave the door open today? Eventually, she was in a rush one morning and came home to find the door open to the bird's room but no bird.

And yep, having Windows and MS Office was the canary to the hacker's cat.

Re:What exactly were they doing or not doing?

[jerkychew]

Read the article; The virus that he back-tracked was sent via email. You can have all the firewalls in the world and your mail servers can be locked down tighter than my mom, but all it takes is one user with IE and a Hotmail account.

Re:What exactly were they doing or not doing?

[cyberbob2351]

The botnet problem is a little worse than you may think....And it is these botnets that are allowing such rampant system compromise.

First of all, recognize that botnet malware evolves at a pace in which it is rather difficult for the antivirus vendors to keep up with. All it takes is a download of phatbot, a little code hacking to ensure it is just perfect for your uses, and then you run it through a packer. You won't preserve the same md5sum of course once your binary is customized, so the only other way that the sample can be detected is some more advanced techniques. (API hooking, entropy scanners, or looking for certain assembly sequence patterns). I'm not sure what the default scanning behavior of most AV scanners is, but they might not utilize such hardcore tests on every file in your system.

Secondly, most botnets run over port 6667, so even if you were running a firewall, you would need to have one that blocked the default IRC port by default. If this is unlikely for the majority of firewalls out there, also recognize that many newer IRC bots are relying more heavily on http command and control mechanisms. That is, they no longer communicate over IRC, and instead resort to making web posts to communicate with the hacker. Being port 80 based, suddenly its not so detectable amongst the stream of internet web traffic.

As for infection trajectories, also recognize that many infections today are indeed user error, whether it be an email attachment or downloading some videogame crack off of some site. The zero day exploits contribute to the problem as well.

Re:What exactly were they doing or not doing?

[evought]

According to 2005 FBI Internet Crime Report, almost all surveyed companies used antivirus, antispyware, firewalls and antispam software. The article also says that many victims in this case were as well. I have also had a Win2K box compromised that was very well protected; malware detectors and updates do not work against new exploits. I generally run Linux and Mac systems, and, although there are many fewer threats, I have them protected to the nines. In this case, as others mention, it is the human element: innocent looking attachments are sent from trusted individuals. This is a very good case for PGP and other systems, not to mention rampant paranoia when receiving any attachment.

"Likeliest"

[mwvdlee]

"Likeliest" is a perfectly cromulent word.

Re:"Likeliest"

[soliptic]

I don't get it. If you're trying to imply "likeliest" is not a perfectly cromulent word, I'm afraid you're wrong, it definitely is a real word. If there's no sarcasm / tongue in cheek and you do literally wish to point out the word does exist, I don't understand why you'd pick on "likeliest" instead of any of the other words they used which do exist :)

"Impenetrable?"

[Rob+T+Firefly]

That's effectively why alternative operating systems are impenetrable

I don't think that word means what you think it means.

Good school for "Information Security" ??

[moeinvt]

I suggested that one of my relatives look into computer security as a career.

Any recommendations from /.ers on a good school for studying this?

Re:Good school for "Information Security" ??

[gEvil+(beta)]

Any recommendations from /.ers on a good school for studying this?

DeVry

Re:Good school for "Information Security" ??

[east+coast]

Hey don't put down DeVry. When I went there it was a great school... oh, wait....

Did you major in arrogance?

[Digital+Vomit]

One victim "was fresh out of college, where he'd just earned a degree in information security. (He was actively looking for a job in the field; I suggested he may want to go back to the classroom.)"

Because college creates people who are perfectly skilled at a certain field...

Re:Did you major in arrogance?

[Sunburnt]

Because college creates people who are perfectly skilled at a certain field...

It damn well better, for $120,000+ in some cases. After all, isn't that the assumption made by a thousand idiot HR folks every day? /sarcasm

Re:Did you major in arrogance?

[Jimbitz]

To bad that person ain't that skilled in Information Security..
I wonder if microsoft would hire him. [/sarcasm]

Re:Did you major in arrogance?

[Jimbitz]

Go and report it to your nearest police station Anonymous Coward.

Re:A list could be good

[Sunburnt]

if 2 supposed "network security" people got hit, do the ISPs really have any hope whatsoever in trying to educate their users to avoid phishing?

I bet we'll get to find out if they get successfully sued over it. I'm not saying it's a good idea, BTW. Just saying that it would be a more likely motivator of action than the parent's suggestion of public naming. Hasn't the lesson of the 21st century thus far been: "public opinion's attention span regarding corporate negligence and malfeasance is too trivial for most companies to consider it a liability?" Hell, if the government we pay for every two weeks can get away with it, I'll bet Verizon, BofA and others feel pretty safe.

Besides, there is a way that ISPs can fight phishing: aggressive takedowns the of fake sites used by phishers to extract information from those folks who don't see the problem with giving their SSN to "paypall.com" and the like. I'm not informed about their current vigor in this regard, though, and would appreciate feedback from those in the know.

*Please note: I certainly believe that primary responsibility for avoiding phishing scams belongs to the consumer. I think, however, that a clever team of lawyers could convince a jury otherwise.

Poison their lists

[Martin+Spamer]

The corps that are targeted for login credentials should poison the phishers lists while they are waiting for the phishers ISP to take them down.

When the poison credentials are used by the phisher the targeted corp should use their source ip and browser fingerprints help identify other compromised accounts logged in from the same source. Places like banks and pay-pal could also this information to freeze compromised accounts more quickly.

I'm wondering...

[wiredog]

Who the one guy in Southwest Utah is. My Dad lives there...

Re:A list could be good

[danpsmith]

"Likeliest to be hit" is a mislable. It should read "ISP's inept users" who allow themselves to become vunerable due to ignorance or carelessness. This isn't some war between ISPs. The graph shows clearly what ISP had the most victims due to this virii. But even that isnt conclusive of anything because of the quantity of overall customers isnt revealed. Yeh sure we can say Comcast has the most, but they surely have more customers overall than say, oh Qwest.

I'm not so sure that what you are saying is true. I'll give you a little story. I run comcast cable at home and I setup a web server without any advertisement whatsoever. It was on port 80 so it was publicly accessible via a standard port 80 search or whatever, however, like I said, it was not advertised. I'd get either hackers or bots or whatever they were going through a list of common exploit commands on my server every single day when I'd look at the logs. Now, my web server was customized and for specific purposes, so none of these commands worked and eventually I customized it to deny access to these individuals and give them a "connection reset" return message, however, it shows what a target you are just for being on comcast's service.

People know the IP ranges. If it's zombie botnets, then there are a lot of computers on comcast that are already zombies looking to exploit you. So this puts you more at risk than being on any other ISP IMO, even if you do know what you are doing. I'd get a huge list on a daily basis of these people, they were most likely unique because some of them actually browsed the webpages when it was publicly accessible. 20-30 unique attempts a day to try to exploit a webserver that's completely advertised to the known public, I'd consider that pretty significant.

Also, email. I believe that spam networks and phishing networks target comcast users exclusively and continue to target them after getting a response back from the server that the mailbox is valid or whatever. A lot of email spam that I get isn't the result of signing up for anything, but instead a CC that also extends to a lot of other comcast subscribers. The list is usually hundreds of people long on each mailing. So somehow they are able to wholesale get the email addresses of comcast subscribers, whether it's through brute force or comcast hands them out I don't know and couldn't prove either way. But again, you are more of a target on comcast in this manner. An unsuspecting customer could easily be foiled by one of these phishing attempts and some of them look very official to the unknowing eye. Don't underestimate the guile and cunning of these snakes that lurk on the Internet to prey on their victims and don't cast the victims off as some unknowing bunch of nitwits who simply don't take basic security measures, the problem is bigger than it seems.

Ouch...

[wiredog]

But "which are most likely" seems a bit stilted. For a /. write-up, that approaches the "and then there's Albania" style of writing.

Trojan != Virus

[tyler.willard]

"...a hidden software virus that recorded his every keystroke."

Yeah I know, everybody files all malware under 'virus'; but since the article comes off as somewhat technical it would be nice if this detail was correct. Keyloggers are almost always* trojans, not a viruses.


*The only reason I say "almost always" is because it would technically be possible to put keylogging functionality in a virus.

Re:Trojan != Virus

[tyler.willard]

Yeah I RTFA...and the email virus was just a vector for keylogging trojan it dropped.

Re:Trojan != Virus

[tyler.willard]

Actually, the FA doesn't mention an email.

hacking/phishing/logging != stealing, called fraud

[plasmacutter]

let's use proper diction here..

i'm getting really tired of everything under the sun being called "theft". It just allows certain other interest groups to keep implying greater moral bankruptcy than actually exists.

a more proper term would be "fraud".

So you say that "security" does not exist?

[khasim]

Windows may very well be shitty shitty shitty, but there isn't any reason to conclude that there is actually something out there that isn't shitty shitty shitty.

Windows has a specific security model designed and implemented by Microsoft.

Microsoft's choices have been disparaged by security professionals for YEARS because they violate the BASIC rules of security.

Ubuntu follows the basic rules far better than Windows. Ubuntu is far more secure than Windows.

There are different categories of threats and each category requires different security procedures. It's not that complicated. Just because Microsoft chose "user friendly" over security does not mean that security does not exist outside of Microsoft products.

Re:So you say that "security" does not exist?

[maxume]

If a tree falls in the for.. No wait, if a system has not been as widely deployed as Windows, is it worth comparing the security trade offs that have been made? "Better security" is only a feature if you are actually interested in using it, something which hasn't really been shown to be true. (OS X seems to be doing o.k., but it only has to be a little more secure than Windows to not be an interesting target).

Word ordering people!!!!!!

[woolio]

That's effectively why alternative operating systems are impenetrable to virii and other nasty things.

No, no no no. Did you not intend:

That's why alternative operating systems are effectively impenetrable to virii and other nasty things.

The words of ordering make a difference!

Re:A list could be good

[Synchis]

Besides, if 2 supposed "network security" people got hit, do the ISPs really have any hope whatsoever in trying to educate their users to avoid phishing?
I went to school with people who proved that you can do a college course and PASS without ever learning a single darn thing. Having a diploma or a degree is not always the best measure of knowledge in a particular field.

Re:A list could be good

[dgatwood]

A large percentage of those phishing sites are hijacked computers, themselves. Aggressive takedowns means educating sysadmins about securing their (mostly Windows) servers against attack.

Want to know how to really stop phishing? Make it unprofitable. Since it would take a decent amount of time to set up a server to provide phishers with data, it's an invetment. Thus, unlike spam zombies, they can't move from machine to machine as quickly, and generally, the site is discovered and shut down long before they abandon it. Exploiting this weakness is the key to stopping phishing and the people who perpetrate it.

When you spot a phishing site, there should be a team of phishing investigators that go to the hacked server, examine it carefully (without disabling it) and add a traffic mangler that makes most of the information bogus, but leaves the credit card numbers intact, recording them as it does so. Contact the owners of the cards immediately and tell them that they must stop using the cards because their numbers have been stolen. Then, flag the cards as stolen. That way, when the phisher swipes a fake card with the stolen number, the register displays the words "Stolen card. Call Police."

If this were consistently the response to phishing compromise of servers, the people who do this would quickly find themselves behind bars, and phishing would drop significantly. In particular, it would decimate the U.S. phishing servers, which make up the bulk of the phishing servers at last survey. Some phishing would remain on overseas servers, but at least this would diminish the problem significantly.

those likely on computers are vulnerable ;)

[swschrad]

something like a java real time hack respects no particular OS, assuming it has the ability to speak back to the internet.

Re:A list could be good

[russ1337]

You might still start to get spam, if someone on your list has a compromised address list or computer.

I've often thought of generating some kind of unique e-mail address for each of my friends, to detect if my e-mail address has been compromised by them (or their PC). e.g:

asdf2344ks@gmail.com for my emails to Tom
oieo116i2k@gmail.com for my emails to Liz

The idea is they reply to that address, and mail to these addresses would aggregate to my inbox. If one of those email addresses starts to get spammed, I'll have an idea of who's responsible, change the address for them and see if it continues. After it happening a couple of times I could inform them that they may have a compromised computer and help them out etc.

I just dont have the time to implement such a scheme and rely on Gmails spam filtering which i think is pretty good.

Compromised machine in Bank of America

[Numbah+One]

That machine is probably secure unless the phisher speaks Spanish.

Like, DUH!

[khasim]

No wait, if a system has not been as widely deployed as Windows, is it worth comparing the security trade offs that have been made?

Well DUH! Of course it is.

We have this thing called "The Internet" now which means that machines can be scanned and cracked 24/7.

"Better security" is only a feature if you are actually interested in using it, something which hasn't really been shown to be true.

Hmmm, I guess that the sales or McAfee and Norton anti-virus are not real then.

Re:Like, DUH!

[maxume]

The point I am failing to make is that the sales of antivirus, while they are probably due to design flaws in Windows, they might be due to trade offs that are necessary in order to get normal people to use computers. Until there is another system with hundreds of millions of users that just want the computer to work and be easy, the 'necessary trade off' side really can't be disproved.

There are no threats

[ehaggis]

Outside of the United States (at least according to the maps.)

Re:hacking/phishing/logging != stealing, called fr

[/dev/trash]

Taking my money without permission is theft. T-H-E-F-T

Re:A list could be good

[stephanruby]

"I've often thought of generating some kind of unique e-mail address for each of my friends, to detect if my e-mail address has been compromised by them (or their PC). e.g:
asdf2344ks@gmail.com for my emails to Tom oieo116i2k@gmail.com for my emails to Liz"

This service already exists. It's been around for a while. It's free. You only need to remember a chunk of your username, and make up the rest (instead of making up the rest of the name, I use the name of the actual site I leave my information with). I use it for every web site I'm forced to register with. It has a number of other domain names in case you don't like the spamgourmet name. Plus, it has a number of other cool features -- if you desire to delve more into it. And it's also open source, so you can easily install it on your own server and modify its functionality to your hearts content.

http://www.spamgourmet.com/

I don't want preinstalled LINUX

[ps3udonym]

I want preinstalled NOTHING. That is it, just nothing. No windows, no shovelware, no headaches and no anoyances of paying for crap I don't want, and won't use. Just give me the option to have a empty hard drive ON ALL MODELS.

Seems simple enought to me. Then you can install what you like on it. I am sick of buying a new copy of a OS I already own again and again just to feed the MS machine.