Web Browsers Under Siege From Organized Crime
An anonymous reader writes "IBM has released the findings of the 2007 X-Force Security report, a group cataloging online-based threats since 1997. Their newest information details a disturbing rise in the sophistication of attacks by online criminals. According to IBM, hackers are now stealing the identities and controlling the computers of consumers at 'a rate never before seen on the Internet'. 'The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007.'"
The folks over here keep track of that sort of thing. You may want to speak with them.
In Xanadu did Kubla Khan
A stately pleasure dome decree
Here is the link to the source: http://www.iss.net/x-force_report_images/2008/index.html/
Those who understand the problem do just that -- they disable javascript.
Rootkit Revealer (Windows). This was written by Mark Russinovich before he joined Microsoft.
You're looking for this for your SSH logs: http://denyhosts.sourceforge.net/
It will automatically detect and block the attackers and optionally add them to a global block list.
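The approach DenyHosts takes, as an added illustration that is not the project's code: parse sshd failure lines from the auth log, count failures per source address, and emit hosts.deny entries once a threshold is crossed. The log lines and thresholds below are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines in syslog format (not taken from the original post).
SAMPLE_LOG = """\
Aug 12 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug 12 10:01:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Aug 12 10:01:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Aug 12 10:01:11 host sshd[2107]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Aug 12 10:01:15 host sshd[2109]: Failed password for invalid user test from 203.0.113.7 port 51055 ssh2
Aug 12 10:02:00 host sshd[2111]: Failed password for bob from 192.0.2.10 port 40012 ssh2
Aug 12 10:02:03 host sshd[2113]: Failed password for invalid user oracle from 203.0.113.7 port 51070 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def count_failures(log_text):
    """Return {ip: {"total": n, "invalid_users": m}} for failed password attempts."""
    stats = defaultdict(lambda: {"total": 0, "invalid_users": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m.group("ip")]
        entry["total"] += 1
        if m.group("invalid"):
            entry["invalid_users"] += 1  # guesses at non-existent accounts
    return dict(stats)

def hosts_to_block(log_text, max_failures=5, max_invalid_users=3):
    """Return sorted IPs that exceed either threshold (thresholds are example values)."""
    blocked = [
        ip for ip, s in count_failures(log_text).items()
        if s["total"] >= max_failures or s["invalid_users"] >= max_invalid_users
    ]
    return sorted(blocked)

def hosts_deny_entries(ips):
    """Format the block list as TCP-wrappers lines for /etc/hosts.deny."""
    return ["sshd: %s" % ip for ip in ips]

if __name__ == "__main__":
    for entry in hosts_deny_entries(hosts_to_block(SAMPLE_LOG)):
        print(entry)
```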
...after all, it was only a matter of time once rootkit source code was published for anyone to grab. From that time onwards, true stealth malware was possible to create without needing to be a security researcher. Combine the ease of integrating someone else's rootkit code into a payload with a vigorous open market for Windows vulnerability information ($25,000 gets you a brand new zero-day exploit) and you reach the situation we have today.
Some people believe the largest botnets out there are ones built with the Storm Worm or other similar exploits. My bet would be that there are plenty larger out there, undetectable because they hide behind rootkits and don't do stupid stuff like turn the box into a spam cannon. And for people who think that the C&C (Command and Control) would be detected, think again: if a rootkit can conceal a file then it can also conceal a process, a named pipe, an interrupt handler, you name it.
What happens if your employer loses a laptop with your SSN, name, etc on it?
If you are paranoid like me you will have already called one of the three major credit companies (not the free score but Equifax, Experian, or TransUnion) and put a freeze on your credit every 90 days with a fraud alert. Or you can pay one of their subsidiaries a monthly fee for any notifications via email or SMS of any changes or requests in your credit (yeah it kind of feels like I'm paying them to solve a problem that is their fault).
On the downside you won't be able to get new credit lines easily while your account is locked so do this after you get your mortgage or car loan. On the upside... No one can do anything with your information without causing some major red flags. Also it seems that the junk mail has ceased.
Just a suggestion for those paranoid types.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
... secure your web browser. Many browsers are not secure out of the box, which puts you at risk of attack.
I call BS on this one. I've done a couple of POS implementations for restaurants and they all used WPA encryption on the devices and the access points were set up to only accept connections from a pre-defined list of MAC addresses. Ya ya, MAC addresses can be spoofed but it is going to take an attacker a long time to hit a restaurant wireless network. The majority of restaurants still swipe the card at the hard wired terminal anyway. The restaurant industry has been dealing with confidential credit card information for a long time. The major POS vendors are up to date on what it takes to keep the data safe.