Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Browsers Under Siege From Organized Crime

Posted by Zonk on from the x-force-2007-sounds-like-an-awesome-movie dept.

An anonymous reader writes "IBM has released the findings of the 2007 X-Force Security report, a group cataloging online-based threat since 1997. Their newest information details a disturbing rise in the sophistication of attacks by online criminals. According to IBM, hackers are now stealing the identities and controlling the computers of consumers at 'a rate never before seen on the Internet'. 'The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007.'"

7 of 168 comments (clear)

  1. Firefox? Opera? Safari? by TFGeditor · · Score: 5, Insightful

    Okay, I admint I have not (yet) read the article, but experience tells me that 80% likely involves IE at 90 percent or better.

    --
    Ignorance is curable, stupid is forever.
    1. Re:Firefox? Opera? Safari? by WilliamSChips · · Score: 5, Insightful

      I'm not fully sure but I know every browser has one vulnerability. It's between keyboard and chair.

      --
      Please, for the good of Humanity, vote Obama.
  2. Explains the odd attempted breakins.. by downix · · Score: 5, Interesting

    Over the past 4 weeks I've noticed a rash of almost hourly attempted breakins to our servers.

    Here's a sample:
    ftp attempts for 5 hours straight:
    Feb 12 10:27:02 localhost proftpd[24841]: localhost.localdomain (::ffff:82.186.102.42[::ffff:82.186.102.42]) - no such user 'Administrator'
    Feb 12 10:27:02 localhost proftpd[24841]: localhost.localdomain (::ffff:82.186.102.42[::ffff:82.186.102.42]) - USER Administrator: no such user found from ::ffff:82.186.102.42 [::ffff:82.186.102.42] to ::ffff:192.168.10.26:21
    Feb 12 10:27:02 localhost proftpd[24841]: localhost.localdomain (::ffff:82.186.102.42[::ffff:82.186.102.42]) - Maximum login attempts (3) exceeded

    ssh attempts almost constant since last friday:

    Feb 11 01:37:07 localhost sshd[13953]: pam_unix(sshd:auth): check pass; user unknown
    Feb 11 01:37:07 localhost sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.31.37.13
    Feb 11 01:37:07 localhost sshd[13953]: pam_succeed_if(sshd:auth): error retrieving information about user ajith

    When I catch them, the majority of the IP #'s match up to systems which have been rootkitted. The stream of odd login names always catches me off guard, sometimes in english, sometimes japanese or chinese. Does anyone know of someone that keeps track of these things, so I can send my logfiles to?

    --
    Karma Whoring for Fun and Profit.
    1. Re:Explains the odd attempted breakins.. by KublaiKhan · · Score: 5, Informative

      The folks over here keep track of that sort of thing. You may want to speak with them.

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
  3. Dat's a nice browser yous got by gnarlyhotep · · Score: 5, Funny

    Be a shame if sumfin' were to happen to it, like.

  4. New form of stick-up? by DoofusOfDeath · · Score: 5, Funny

    Hand me your cache!

    (Sorry - for humor I go for quantity, not quality.)

  5. Re:That's not the worst of it. by TheRealMindChild · · Score: 5, Funny

    Then they'll use that database to take out a second mortgage on your home, purchase a new car and open a few credit cards under your name.

    I got that one covered. I just haven't paid several bills for a long while now. If someone tries to get credit with my credentials, all they will get is people laughing and pointing at them

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson