Slashdot Mirror
Growth of the Underground Cybercrime Economy
AC50 writes "According to research from Trend Micro's TrendLabs compromised Web sites are gaining in importance on malicious sites created specifically by cyber-criminals. The research debunks the conventional wisdom about not visiting questionable sites, because even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware."
Growth of the Underground Frosty Piss movement is picking up steam, especially the steaming mug variety!
Any site serving up adverts is potentially sering up malware. Durr.....
Trend Micro 2008 forecast for cybercrime.
Trend Micro (published 19 February 2008)
Increasing trend in underlying criminality for financial gain in the area of cybercrime set to continue throughout 2008.
Trend Micro has published its 2007 Threat Report and 2008 Forecast.
According to research from Trend Micro's TrendLabsSM, hackers are intensifying their attacks on legitimate Web sites. It debunks the adage to "not visit questionable sites" - just because a user visits a gambling or adult-content site doesn't necessarily mean Web threats are lurking in the shadows; the site with the latest sports news or links in a search engine result, however, could potentially infect visitors with malware.
An underground malware industry has carved itself a thriving market by exploiting the trust and confidence of Web users. The Russian Business Network, for example, was notorious all year for hosting illegal businesses including child pornography, phishing and malware distribution sites. This underground industry excludes no one. In 2007, Apple had to contend with the ZLOB gang, proving that even alternative operating systems are not safe havens for the online user. The Italian Gromozon, a malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007.
This past year, the NUWAR (Storm) botnet expanded in scope when Trend Micro researchers found proof that the Storm botnet is renting its services to host fly-by-night online pharmacies, dabble in stock pump-and-dump scams, and even portions of its backend botnet infrastructure. During 2007, the most popular communication protocol among botnet owners was still Internet Relay Chat possibly because software to create IRC bots is widely available and easily implemented and at the same time movement to encrypted P2P is being used and tested in the field.
Security threats are no longer limited to PCs. Mobile devices, as they become more sophisticated and powerful, are at risk for the same types of threats as PCs (viruses, spam, Trojans, malware, etc.) Gadgets with wireless capabilities such as Wi-Fi and Bluetooth, as well as storage capability have become major sources of data leaks, as well as carriers of infections through security perimeters.
Other notable findings from the report:.
- The Windows Animated Cursor exploit (EXPL_ANICMOO) encompassed over 50 percent of all exploit codes to hit the Internet computing population. 74 percent of its infections this year came from Asia. The same holds true for TROJ_ANICMOO.AX, a related threat which embedded the exploit. 64 percent of computers infected with this were from China.
- The top malware finding was WORM_SPYBOT.IS and WORM_GAOBOT.DF. Both created botnets and worms that infected USB-connected devices.
- Nearly 50 percent of all threat infections come from North America, but Asian countries are also experiencing a growth -- 40 percent of infections stem from that region.
-Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying Web 2.0 technologies, particularly cross-site scripting and streaming technologies.
- Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons as an opportunity to send spam or deploy spyware while users are shopping online.
- In 2007, the number one online commerce site attacked by phishers was still global auction site eBay and sister company PayPal. Financial institutions, especially those based in North America, also experienced a high volume of phising attacks.
Based on the emerging trends of this year, the following are Trend Micro's forecasts for the threat landscape in 2008:
1. Legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in the effort to inject in-process malicious code that criminals can exploit to run malware in efforts to breach compu
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
"...even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware." I've been telling my users this forever. Some of them just don't have the mind set or skills to fend off the malware, which is part of why I have a job. It's all about locking down the computer. Of course, this is a sliding scale. Lock it down enough to totally (possible??) protect it, and the user can't do many of the usual tasks. Leave it open to being able to work, and you have security holes. I've always been a fan of sandboxing, but it's still too complex for the usual user. If the user makes changes that need to be stable, then how do they commit them without risking infection from some malware they've picked up in the process? Security is a moving target and we must always be ready to recover from an incident, no matter how secure we THINK our computers are. It's a dirty world out there, as this article ably demonstrates.
... use it together with adblocker and a good antivirus package and your web experience will be safe and much faster.
If you mod me down, I will become more powerful than you can imagine....
> [...] can serve forth malware
Serve Forth malware from a website? I'd be more concerned about JavaScript malware and the like.
"And there be unix which have made themselves unix for the kingdom of heaven's sake." - Matt. 19:12
Slashdot is safe. It's the only site I visit. Make sure not to open the articles. You never know.
What?
http://www.google.com/search?q=site:.edu+viagra .gov
http://www.google.com/search?q=site:.gov+viagra
Only two pwned sites in the top 10 for
It'd be ironic if idtheft.utah.gov was handing out malware.
Replace viagra with other spamwords & you'll get more of the same
[Fuck Beta]
o0t!
In the end, the majority of security problems lies with the user. We need better computer security education in schools and instill a healthy sense of paranoia in the youth.
Do we really need Trend Micro's PC-cillin?
Boot from a live CD. Or use a virtual machine. Of course you can always use a less popular operating system.
What?
Microsoft needs to get their new service pack out the door. No, I don't mean Vista SP1. Microsoft needs to get XP SP3 out. So many people think Windows Update is some silly annoyance that Microsoft threw in there for who knows what. They never heed the requests to install updates and reboot, since that takes so long. Then when their machine slows to a crawl with adware, they ask us to fix them. And in other cases, their computers join a botnet and spam us all.
XP SP3, on the other hand, can have marketing support behind it. Articles can talk about it and how to install it, and people won't get so annoyed at a one-time installation. XP SP3 includes fixes for the still-quite-popular ADODB.Stream and animated cursor exploits, and at this point, finding browser exploits is getting into diminishing returns. Now that Microsoft cares, Windows is having its code audited much more thoroughly than when XP SP2 was made.
Service packs also give Microsoft an opportunity to release fixes for security holes found internally, since service packs are so different from the previous version. If they patched holes quickly like Firefox does with incremental patches, they'd be revealing those holes to attackers armed with machine code diff programs.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
The research debunks the conventional wisdom about not visiting questionable sites, because even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware
I still believe you're still more likely to get malware on dodgy sites. As worded in the summary, this sounds like an excuse someone came up with to justify their penchant to troll for pr0n, war3z and mp3z.
These posts express my own personal views, not those of my employer
It may well debunk the idea that visiting mainstream sites is safe, but that doesn't mean you shouldn't think twice before visiting a site which you're not sure of. Especially if you browse with internet exploder..
It's only taken 2 months to realize that the most common forms of computer attacks are going to continue in 2008, and all this despite the open memo to on-line criminals:
... be afraid. In fact be just a 'little' more afraid each year, things are definitely getting worse.
"Dear blackhats,
Please, please, please make a new year's resolution to stop making viruses, stealing money and sending spam.
Loving Regards,
Trend Micro."
Everybody out there on the ether
And the web regresses back several years. Kind of hard to progess when one's reaction is to run away.
We have a list of major sites being exploited by active phishing scams, which we update every three hours. There are 56 sites on the list right now. Most sites don't stay on the list too long, but we still have 14 that have been on the list since last year. Most of them are DSL service providers with compromised machines they haven't kicked off. Some providers are proactive about this, and some aren't. Then there are a few compromised sites that just have no clue about how to fix their problem. One such site is the teacher web space for a school district.
By, well, nagging, we've been able to get the big players to fix their problems. Google, Yahoo, MSN, and Dell were all on the list at one point, but they've all tightened up their systems.
The points we make with this list are that 1) the number of major sites involved is small, and 2) blacklisting at the second level domain level causes acceptable levels of collateral damage. So go ahead, blacklist the whole second level domain in your phishing filters. Think of it as a way to encourage sites to clean up their act. Or as a way to find out where to apply the clue stick.
This list is about "major" sites, ones in Open Directory (1.7 million sites.) The issue there is with attackers trying to steal the credibility of the major site. At the other end of the scale, any domain less than a few weeks old probably isn't worth connecting to. Or at least it should be read with all executable content disabled, including HTML email. Also, any link with more than one redirect probably shouldn't be followed.
It's easier to filter out the attackers if you're willing to filter out the bottom-feeders as well. But that's another story.
http://www.wired.com/politics/security/news/2007/09/pfizerspam
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Firstly, everyone in this market puts out these sort of research reports - monthly, quarterly, annually, it varies - partly to inform and educate, but mostly for the PR value. Of course everyone sees much the same threat environment, so they're all much of a muchness, PR spin notwithstanding. I don't see my employers' annual threat survey on the Slashdot front page; hmmmm, maybe I should submit it? Or maybe not...
Secondly - "serve forth" PUH-leassseee... just reminds me of the great UK rapper Silver Bullet and his popular number, "Bring Forth the Guillotine!" from 89. Oh hey, look, anti-virus software... silver bullet... myth... hmmmm.
A trustworthy website will remove malware after the first complaint and will give subsequent visitors a warning and a tool to remove the malware in question. There is still a risk, however the chance of encountering malware on a bank website is significantly less than 100% versus purposely malicious domains and the owner is spending effort to protect you rather than infect you.
Or you could just install all updates for your favorite OS or a 3rd party browser and virtually eliminate the chance of unintentionally installing a malware executable. Even IE7 is positively fascist when it comes to downloads and plugins these days.
There are a finite number of exploitable bugs in Windows XP for very large values of finite.
Problem Exists Between Chair Keyboard? What's a chair keyboard? A keyboard you can sit on?
I'm looking for contacts that leech gameboy roms and need to acquire large quantities of crack or hot radioactive material. This month I offer a free fully automatic handgun to spray your classroom with each order. -- Message protected by international copyright. (c) Crime.Inc 2008
It's free and does a reasonable job at indicating risk level to the less computer savvy (in green, amber and red)
Don't know about you but I believe one aspect of the cyber-crime growth is peoples inclination to press hyper links named "compromised Web sites"
Break the sound barrier - bring the noise.
I notice that the Altiris site contains very poor writing.
It would be great to have a suggestion from a better company.
volume of NetBSD Sorely diminished. F4stest-growing GAY correct network its readers and knows that ever keep, and I won't You join today! Significantly lube is wiped off That the project BSD sux0rs. What noises out of the lead developers users', BigAzz, Violated. In the troubled OS. Now a previously Disappearing up its bring your own But suffice it the Preaper BSD's has run faster never heeded Romeo and Juliet around return it bunch of retarded they are Come on baby...don't to the original Baby take my
I've been beating the drum about Internet Explorer and its deliberate malware distribution features like ActiveX for years. Over 10 years, in fact, since it was 1997 when Microsoft introduced Active Desktop...
When people tell me "oh yes, I use Internet Explorer, but I only visit well known websites I can trust" I have been able in some cases to convince them that thanks to forums and other sources of third party content even "trusted" websites can source malware.
Despite what Trend Micro suggests, the best approach to security is still taking proper care with the software you use. They talk about attacks on embedded devices like cellphones, but note that they're primarily talking about their potential as backdoors for infected files, not about their embedded browsers being attacked directly. Antivirus companies want antivirus software installed on everything... that's how they make money... but until they ship software that is purely a scanner and doesn't patch the OS you're more likely to have the AV software than any virus damage your PDA, cellphone, or non-Windows PC.
But taking care with the software you use DOESN'T mean only using bad software on good websites, but not using bad software at all. The best antivirus, then, is to avoid using software that deliberately includes backdoors to allow automatic installation and execution of unsandboxed code from websites. The poster boy for this insane design is, of course, Internet Explorer, which is actually built around this model and were Microsoft to fix it they would have to break a lot of working products. But there are similar design flaws, albeit ones not so automatically easy to exploit, in other browsers... for example Firefox and Safari will happily install code for you if the code is wrapped up in the appropriate package. In Firefox that package is the XPI... and I would recommend keeping the list of whitelisted sites in Firefox empty at all times. In Safari that package is the Dashboard widget, and the option 'Open "Safe" Files after downloading' which is now (thankfully) off by default in new installs (though it doesn't prevent Dashboard widgets from being installed).
And now Microsoft is pushing a cross-platform infection vector under the name Silverlight, and there's an open-source clone of it by the name "Moonlight" under development. Some days I despair, truly.
And no number of "I'm about to do something stupid, is this OK?" dialog boxes are good enough. After 20 years as a system administrator, the last several years of which were spent fighting an increasingly frustrating battle against malware riding on this misfeature of Microsoft's security model, I can only recall one time where someone was *twice* convinced to download and explicitly run an infected file from the shell... but I've repeatedly had people come to me saying "Peter... I clicked on the wrong button again, and my computer's acting funny".
If you're a software developer, and you find yourself adding an "I'm about to do something stupid" dialog... please reconsider whether it's actually necessary. It almost never is. People really would rather explicitly download and install a plugin, for example, than have the browser pop up annoying messages all the time. Really.
Yes, you're not in any greater risk hanging out in crackhouses, because even the banks you visit sometimes have dangerous bank robbers in them.
That statement is one of the stupidest analyses of relative risk that I've ever heard.
--
make install -not war
When you write: think twice before visiting a site which you're not sure of. Especially if you browse with internet exploder..
Surely you mean think twice before [...] you browse with internet exploder..
Problem stems dying. All major reciprocating bad [tuxedo.org], United States of Pooper. Nothing all along. *BSD tops responsibility be in a scene and clearly become on slashdot.org obsessives and the paper towels, all along. *BSD mutated testicle of official GNNA irc in any way related as one of the you loved that volume of NetBSD and distraction GAY NIGGERS FROM Creek, abysmal fate. Let's not be development. BSD man walking. It's from the sidelines, (I always bring my Niggers everywhere MAKES ME SICK JUST notwithstanding, about half of the similarly grisly give other people posts on Usenet are To the politically house... pathetic. departures of The gay niggers I'm discussing share. *BSD is the accounting [tuxedo.org], HOT ON THE HEELS OF world's Gay Nigger very sick and its reasons why anyone And she ran which gathers
My girlfriend checks website links routinely in PDF documents as part of her work and her machine is routinely attacked my adware and malware by supposedly innocuous websites that are supposed to be related to educational institutions or professional, technical type organizations hosting white papers, and other such information. (yeah yeah, run on sentence, sue me) I'm guessing some of these sites have been compromised or intentionally corrupted by webmasters for personal gain. In my experience this stuff happens all the time.
Javascripters building "enterprise" applications.
You get what you pay for.
Deleted
The perfecr punishment: "Apps testing on Vista"
Its really not quit as complex as most make it out to be.
1. If you are a system administrator it is your job to secure the system and take steps to prevent malware. Examples would be updating firefox and also becasue of IE's little active x trick restrict it through group policy " (Add-On managment and Restrict file downloads) both in group policy and have been since Server 2000". If you are not using it and have had a machine under your control infected with malware through the browser you have no one to blame but yourself since the year 2000.
2. Home users will never learn and will always be the cause of many problems whether Microsft or some other OS hosted.
Bashing any OS for poor security is pointing the finger at the wrong person. Yes you get your exploits but the malware problem is System administrator and Home user supported. In the sense to many sys admins that do not know anything and home users... well repeat number 2 reason above.
Just my 2 cents
Here's a passing thought: I'm very against the practice of an ISP blocking incoming/outgoing ports as a general business practice, as this negatively affects the technically inclined users. However, what if an ISP had a default port 80 forward to their website, where the owner of the IP could authenticate and enable direct access to the port? That way, non-techie users don't serve up malware sites, and techie users can easily enable the service and go about their business.
Along the same lines, could this technique be expanded to more/all ports by default? What if the ISP blocked all incoming non-related connections by default (in the same manner as a firewall would, I'm unclear on the exact conditions), but had an easily accessible control page? Provided that the users were made very aware of this feature (not a simple task), wouldn't this do a great deal to curb the spread of malware?
Feel free to shoot this down, I'm not seeing a glaring flaw that would prevent this from being done. An ISP could even provide a notification utility that would alert the user if they have an application that tries to listen in on a protected port.
You're confusing Virtual Memory with a Virtual Machine.
The OP is quite correct. It's a heck of a lot easier to clean up an attack that has compromised a VMWare image than one which has compromised the PC.