Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Browsers Under Siege From Organized Crime

Posted by Zonk on from the x-force-2007-sounds-like-an-awesome-movie dept.

An anonymous reader writes "IBM has released the findings of the 2007 X-Force Security report, a group cataloging online-based threat since 1997. Their newest information details a disturbing rise in the sophistication of attacks by online criminals. According to IBM, hackers are now stealing the identities and controlling the computers of consumers at 'a rate never before seen on the Internet'. 'The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007.'"

19 of 168 comments (clear)

  1. Firefox? Opera? Safari? by TFGeditor · · Score: 5, Insightful

    Okay, I admint I have not (yet) read the article, but experience tells me that 80% likely involves IE at 90 percent or better.

    --
    Ignorance is curable, stupid is forever.
    1. Re:Firefox? Opera? Safari? by Farmer+Tim · · Score: 4, Funny

      I most strongly disagree. IE is flamebait: use it, and you will get burned.

      --
      Blank until /. makes another boneheaded UI decision.
    2. Re:Firefox? Opera? Safari? by WilliamSChips · · Score: 5, Insightful

      I'm not fully sure but I know every browser has one vulnerability. It's between keyboard and chair.

      --
      Please, for the good of Humanity, vote Obama.
    3. Re:Firefox? Opera? Safari? by nbannerman · · Score: 4, Funny

      Agreed - this is why I replace all my users with inanimate carbon rods - I haven't had a security problem in months!

    4. Re:Firefox? Opera? Safari? by grcumb · · Score: 4, Interesting

      ...experience tells me that 80% likely involves IE at 90 percent or better.

      How is that a troll? He's stating the observation based on his experience. It's a Troll because anecdotal evidence boils down to pretty much this: "That's what my personal experience leads me to *feel* is true, and here are some numbers (I made up) that *feel* right to quantify my *feelings*."

      That is as far from the definition of a troll as can be imagined. Re-read the moderator guidelines about the difference between 'Flamebait', 'Troll', and 'Factually Incorrect'. Attitudes like yours make meta-moderation necessary.

      On top of everything else, it's not necessarily even wrong. I can give you 'anecdotal' evidence based on servicing computers for a local user community of about 40,000 people. My observations haven't been formalised or codified in any way, so I can't make any claim to scientific observation, but I can tell you that what I see on a day-to-day basis is relevant and significant.

      This is valid and useful information in my professional context. You're implication that anecdote is always based on feeling is, ironically, based on a hunch informed by your own bias.

      The linked pdf showed that Firefox had 36 critical security issues versus IE's 28.

      If you're so bent on getting good data, by the way, you should know better than to blindly add up vulnerability announcement totals and call that analysis.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
  2. The minute that vulnerabilities were monitized... by DigitalSorceress · · Score: 4, Interesting

    It seems to me that the moment that organized crime found a way to make money off security vulnerabilities (Spam, ID theft, Ransomware, etc...) the writing was pretty much on the wall (though I'm still trying to figure out what it says). It kind of reminds me of William Gibson's cyberspace: a free-for-all, hostile environment where it was pretty much up to individual users / corporations / governments / whatever to protect themselves through whatever means necessary.

    Welcome to the wild, wild net.

    --

    The Digital Sorceress
  3. Drop in vulnerabilities... really? by grassy_knoll · · Score: 4, Interesting
    From TFA:

    The overall number of vulnerabilities reported for the year went down for the first time in 10 years.


    Combined with the comment that camouflaging techniques are used in 80% - 100% of recorded attacks, I wonder if the number of attacks is really going up ( as it has been in the past 10 years ) but detection is getting worse.
    --
    A Human Right
  4. Explains the odd attempted breakins.. by downix · · Score: 5, Interesting

    Over the past 4 weeks I've noticed a rash of almost hourly attempted breakins to our servers.

    Here's a sample:
    ftp attempts for 5 hours straight:
    Feb 12 10:27:02 localhost proftpd[24841]: localhost.localdomain (::ffff:82.186.102.42[::ffff:82.186.102.42]) - no such user 'Administrator'
    Feb 12 10:27:02 localhost proftpd[24841]: localhost.localdomain (::ffff:82.186.102.42[::ffff:82.186.102.42]) - USER Administrator: no such user found from ::ffff:82.186.102.42 [::ffff:82.186.102.42] to ::ffff:192.168.10.26:21
    Feb 12 10:27:02 localhost proftpd[24841]: localhost.localdomain (::ffff:82.186.102.42[::ffff:82.186.102.42]) - Maximum login attempts (3) exceeded

    ssh attempts almost constant since last friday:

    Feb 11 01:37:07 localhost sshd[13953]: pam_unix(sshd:auth): check pass; user unknown
    Feb 11 01:37:07 localhost sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.31.37.13
    Feb 11 01:37:07 localhost sshd[13953]: pam_succeed_if(sshd:auth): error retrieving information about user ajith

    When I catch them, the majority of the IP #'s match up to systems which have been rootkitted. The stream of odd login names always catches me off guard, sometimes in english, sometimes japanese or chinese. Does anyone know of someone that keeps track of these things, so I can send my logfiles to?

    --
    Karma Whoring for Fun and Profit.
    1. Re:Explains the odd attempted breakins.. by KublaiKhan · · Score: 5, Informative

      The folks over here keep track of that sort of thing. You may want to speak with them.

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
    2. Re:Explains the odd attempted breakins.. by ssstraub · · Score: 4, Informative

      Rootkit Revealer (Windows). This was written by Mark Russinovich before he joined Microsoft.

    3. Re:Explains the odd attempted breakins.. by cheater512 · · Score: 4, Informative

      Your looking for this for your SSH logs: http://denyhosts.sourceforge.net/
      It will automatically detect and block the attackers and optionally add them to a gobal block list.

  5. Beware the"funny" moderation in Organized Crime... by HairyNevus · · Score: 4, Funny

    ...It begs the question "how am I funny to you?"

    --
    You were critically hit for no damage. The bruise will look nice, and maybe the scars will make good party talk.
  6. That's not the worst of it. by khasim · · Score: 4, Insightful

    It kind of reminds me of William Gibson's cyberspace: a free-for-all, hostile environment where it was pretty much up to individual users / corporations / governments / whatever to protect themselves through whatever means necessary.

    The problem is that no matter how well YOU protect yourself, other agencies have your personal information in their databases.

    What happens if your employer loses a laptop with your SSN, name, etc on it?

    Eventually, the criminals are just going to start building a database with whatever information they can find.

    Then they'll use that database to take out a second mortgage on your home, purchase a new car and open a few credit cards under your name.

    You'll lose more money than you have. And you'll never have a chance to prevent it. Because all the information will be "leaked" from 3rd parties.
    1. Re:That's not the worst of it. by Anonymous Coward · · Score: 4, Insightful

      Potentially the problems you state are only the scraps, unfortunately it is getting to where every filing cabinet and vault in the world has multitudes of vacuum pipelines hooked to it and organized crime is working hard on figuring out how to break down the filters and routing on these pipelines and channel the flow to themselves. Think in terms of the old vacuum pipes for paper and money transfers inside old department stores and then expand it world wide, now try to imagine keeping it secure, not just your part of it but everyone's part that you connect to and everyone's part that they connect to ad infitum, welcome to the internet.

      Side warning to the F/OSS community: That multitude of eyes may become even more important as we start to wonder, is the Godfather contributing? It doesn't even have to be in terms of direct backdoors, only has to be an exploitable bug which of course don't make the contributor look as bad.

      Side warning to the closed source corporations: See above, biggest difference is your paying them too. Think you can hire that many eyes?

      Side warning to businesses and individuals: Read the above, look around you, let the paranoia begin.

      The internet maybe a highly efficient way of doing business, but it can be an extremely efficient way to steal too. Weigh the KNOWN risk factors, is it really worth it?

      Organized crime is only the tip of the iceberg.

      We may have to become stainless steel rats just to be free.

    2. Re:That's not the worst of it. by TheRealMindChild · · Score: 5, Funny

      Then they'll use that database to take out a second mortgage on your home, purchase a new car and open a few credit cards under your name.

      I got that one covered. I just haven't paid several bills for a long while now. If someone tries to get credit with my credentials, all they will get is people laughing and pointing at them

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  7. Dat's a nice browser yous got by gnarlyhotep · · Score: 5, Funny

    Be a shame if sumfin' were to happen to it, like.

  8. New form of stick-up? by DoofusOfDeath · · Score: 5, Funny

    Hand me your cache!

    (Sorry - for humor I go for quantity, not quality.)

  9. You know... by Guppy06 · · Score: 4, Funny

    "In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007."

    If they're going to hose my Windows boxen and install spurious applications of dubious intent, I find that I prefer if they camouflage their attempts so as not to bother me with constant popups from the system tray telling me to install their spyware to get rid of spyware.

  10. Got plugins? by jschottm · · Score: 4, Insightful

    The web is not just HTML at this point. Both QuickTime and RealPlayer have had notable exploits in the past few months. Acrobat and Flash have had major security holes as well. Just relying on the fact that you're using Firefox doesn't mean that you're not vulnerable.