So what's in store for you this year?

By on
So what's in store for you this year?

Spam, trojans, keyloggers and every variety of virus are on the increase, making life harder for information security professionals. René Millman assesses the scale of this onslaught

Two years ago, Bill Gates made the brave prediction that spam would by now be "a thing of the past", but it currently makes up between 60 and 90 per cent of all email traffic, and by all accounts is not going to go away. If anything, this year will see spam reaching unprecedented volumes.

"There is going to be a real growth in 'pump and dump' spam," says Graham Cluley, senior technology consultant for anti-virus company Sophos. At the start of the year, this type of spam only accounted for 0.8 per cent of spam, but by November it had shot up to 13.5 per cent. "It is expected to grow even more," he adds. He notes that the number of new malware threats – worms, viruses and their ilk – rose by 48 per cent, with 10,724 new threats recorded in 2004 rising to 15,907 in 2005. And this figure is set to keep growing in 2006.

Pump and dump scams involve hyping the stock of a particular company, usually a small firm with a share price in pennies, through false and misleading statements to the market or, in this case, to internet users. The scammer hopes that enough people receiving the email are duped into investing in the shares, which the scammer has also heavily invested in. Then, when the share price has inflated, the scammer "dumps" his shares and the duped investors lose money.

Lately, such schemes have put out claims that companies have developed an effective medication against bird flu.

While most security professionals are clever enough to avoid these schemes, the problem remains how to stop this and other types of spam clogging up email servers and eating up bandwidth. Spam filters will deal with such threats, but some experts argue that this approach is never going to solve the problem completely, and might even make it worse in the long term.

Neil Murray, CTO of email management and security company Mimecast, says spam will continue to get through because filters cannot deal with the "infinite variables" the content possesses.

"Content filters will always have content-based false positives and, therefore, associated quarantines that the IT department or end user must trawl through, which leaves employees forced to view sensitive content," says Murray. He believes that the answer is to focus on authentication and reputation techniques, making filtering a second layer of defence.

The nature of spam is also undergoing rapid change. What started off as just a nuisance, became a problem and is now a big threat to the integrity of the corporate infrastructure. Spam is no longer just being used to sell dodgy medications, but to install trojans, adware and spyware.

The typical spam email comes with just a simple subject and a URL; it's simple enough to fool a spam filter, but still an effective trap. The link, when clicked on, downloads malware to the desktop.

"Once installed, these trojans can enable remote attackers to harvest confidential passwords and access sensitive network data, or to use the infected system as a 'slave' in mounting other attacks, such as a DDoS or as a spam relay," says Piers Wilson, head of technical assurance at Insight Consulting.

"For an organisation, the idea of its workstations being not only compromised, but then used to launch attacks against other organisations, is a major concern."

Virus and trojan writing and distribution has become a genuine, but highly illegal, industry. It is no longer the domain of socially inept teenagers sitting in their bedrooms. Organised crime properly muscled into the action last year; the wiseguys now carry a laptop as well as a firearm.

"Organised crime is now taking a more sophisticated approach, and hiring software engineers, researchers and others to help exploit the systems out there; and they are coming up with increasingly ingenious attacks, often leveraging key infrastructure components that are hard to shut off," says Brian Wilson, the CTO of email security company MailFrontier.

As Insight's Wilson mentioned earlier, there is a whole range of attacks the hackers can use against organisations. Criminals use botnets of thousands of infected computers to launch any manner of attacks against organisations and users.

The theft of sensitive data is one major concern. Using the techniques learnt from phishing scams, criminals are turning to "spear phishing". This is a phishing campaign focused on a small number of users, such as employees at a particular company or even a particular department within that organisation, in order to gain access to confidential data.

"The opportunities for a successful crime are increased by using social engineering tactics – forging the email address used in the spear phishing email to appear to come from someone the recipient knows," says Cluley.

This sort of attack flies under the radar of most companies, which are looking for the big outbreaks.

Trojan threats are not just limited to the real world. A number of worms and trojans have been developed to steal credentials from players of MMORPGs (massively multiplayer online role playing games). Criminals use these credentials to steal and sell virtual items from the games to make money in the real world.

"This move into the theft of virtual goods is hardly surprising if you consider the sums of money changing hands for virtual items in these virtual worlds," said Cluley. It's hard to believe, but a man in Miami recently spent $100,000 (that's real US dollars) on a virtual space station.

It seems that behind every scam there is a botnet, and behind that botnet is a criminal gang. Chris Boyd, security research manager at FaceTime Communications, uncovered a botnet controlled by a criminal group in the Middle East. A worm recruited computers by propagating itself via the AOL Instant Messenger network.

The worm, once installed, not only downloaded and installed various adware and spyware applications (from which the group earned revenues from affiliate fees), it also installed a rootkit, called "lockx.exe". This rootkit then listened on an IRC channel to await further commands (a botnet master's favourite trick). Further programs can be installed to sniff out usernames, passwords and other personal information that can be used to steal identities.

While these botnets are not new, Boyd believes they are becoming smaller to avoid detection. "Botnet masters are cutting back on the number of hosts to around 20,000 and increasing the number of IRC servers controlling hosts," explains Boyd. "They are scattering the IRC servers all around the world to escape attention."

Hackers are changing their tactics in other ways. Boyd says that the gangs and spyware merchants are looking at peer-to-peer networks, such as Bittorrent, as a means of distribution. The technology allows hackers to move large files more efficiently and anonymously through the internet. "This is the next attack vector," he states. "And it is definitely the craziest one I've seen, bar none."

With so many new ways to compromise a computer, what can be done to keep our infrastructure free of malware?

"The clever hacker will identify a loophole that we have not foreseen and the only people who are going to be ready for it are those who recognise this fact and have implemented a flexible defence that can be rapidly updated," says Simon Heron, director of managed security service company Network Box. "It will require people to monitor their networks closely. The days of installing defences and thinking you are safe are gone."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?