Hackers reach beyond Windows, IE
Similar to cockroaches that you stop at a hole in the wall, only to have them reappear under the door, criminal hackers are finding new and better ways to compromise your computer and electronic devices. So concludes a new Internet Security Threat report from Symantec on March 21, 2005. Based on data collected at Symantec's Security Response facilities worldwide, the report is one company's snapshot of malicious Internet activity during the last half of 2004.
David Cole, Director of Product Management for Symantec Security Response, says he can refer to the information uncovered in the 70-page report to talk about what he's already seeing in 2005. The report covers trends such as the discovery and exploitation of flaws in non-Internet Explorer browsers and non-Windows operating systems, and the recent reach by crackers into non-desktop/server computers such as handhelds and smart phone devices.
Overall, the news is mixed
The good news, says Cole, is that today, companies are much better at defending our network perimeters than they were a few years ago. Traditional Internet attacks are becoming less frequent. The opportunistic attackers are now going after end users who log in from home or while traveling. Since companies are doing a good job in protecting their e-mail systems, either at the gateway with corporate defenses or on desktops with antivirus applications, virus writers are keeping pace with the changes. Virus writers have begun targeting instant-messaging (IM) applications, Internet Relay Chat (IRC), and peer-to-peer networks (P2P) in addition to e-mail based attacks. Symantec reported that threats related to P2P, IM, and IRC make up nearly 50 percent of its top 50 threat submissions, up from 32 percent covering the same period last year.
Unfortunately, viruses and worms aren't the only Internet threats. Phishing scams, spyware, and now pharming attacks are becoming more common. By now, most of us know that Microsoft Internet Explorer harbors many security vulnerabilities. So, according to Symantec, as people move away from IE (now below 90 percent usage), attackers are turning their attention to other Internet browsers, such as Mozilla. An example might be what crackers have done with the vulnerability found in Internationalized Domain Names (IDN), which affects most non-IE browsers. IDN represents domain names written in specialized character sets, such as non-English domain names, in a standardized way using Unicode, a standard that attempts to assign a unique number to every character, no matter which platform or language set. The IDN standard allows foreign companies to register domain names in different languages; however, criminal hackers have discovered that they can use this loophole to lure end users onto their phishing sites by substituting specific letters from alternative character sets.
Oddly, IE does not support IDN (although rumors suggest the upcoming Windows XP-only IE 7 will support IDN). Mozilla and Firefox have since patched their IDN flaw. Should you wonder if IE would be a safer browser as a result of recent attention to non-IE browsers, the answer is "No." While there were a greater number of vulnerabilities reported in Mozilla during the last half of 2004, Symantec found that the most severe vulnerabilities still reside within Internet Explorer. Of the 13 Internet Explorer vulnerabilities rated by Symantec from June to December 2004, 9 were considered high.
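A defender's view of the IDN letter substitution described above, as an added example that is not part of the original article or the Symantec report: the check shows the ASCII (punycode) form that is actually registered in DNS and flags labels that mix scripts or read exactly like an ASCII-only name. The `LOOKALIKES` table, the function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small table of Cyrillic letters that render like
# Latin ones; a real checker would use the full Unicode confusables data.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i"}

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"  # digits and hyphen are shared by every script
    try:
        return unicodedata.name(ch).split()[0]  # e.g. LATIN, CYRILLIC, GREEK
    except ValueError:
        return "UNKNOWN"

def analyze_label(label):
    """Describe one DNS label: its registered form and why it may mislead."""
    scripts = {char_script(c) for c in label} - {"COMMON"}
    skeleton = "".join(LOOKALIKES.get(c, c) for c in label)
    imitates_ascii = not label.isascii() and skeleton.isascii()
    return {
        "label": label,
        # ASCII-compatible (punycode) form that is actually looked up in DNS
        "ascii": label.encode("idna").decode("ascii"),
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        # Set when a non-ASCII label reads exactly like a plain ASCII name
        "ascii_lookalike": skeleton if imitates_ascii else None,
    }

def is_suspicious(hostname):
    """True if any label mixes scripts or imitates an ASCII-only name."""
    for label in hostname.lower().split("."):
        if not label:
            continue
        info = analyze_label(label)
        if info["mixed_script"] or info["ascii_lookalike"]:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample hostnames, written with escapes so the
    # substituted letters are visible in the source.
    samples = ["example.com", "m\u00fcnchen.de",
               "p\u0430ypal.com", "\u0441\u043e\u0440\u0443.com"]
    for host in samples:
        print(host.encode("idna").decode("ascii"), is_suspicious(host))
```

A legitimate single-script name such as the German sample passes, while both the mixed-script label and the all-Cyrillic label that reads as an English word are flagged for review.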
Other OSs under attack
The Symantec report also predicts that crackers will become more interested in the Mac OS during 2005, specifically mentioning sales of low-priced mini Macs. As more casual, less tech-savvy users adopt Macs, expect to hear more about vulnerabilities exposed within the Mac OS, which is based on the Unix system. Other security companies are seeing an uptick in Mac flaws. For example, security company Secunia also saw an increase in reported Mac OS flaws during 2004.
Other electronic devices under attack
As more people leave their desktops and start accessing the Internet via mobile devices, so, too, do the crackers. Last summer, someone released the Cabir worm, designed to infect Symbian OS-equipped Nokia Series 60 smart phones. (A recently created "concept virus" designed to show that a worm could spread between smart phones won't get very far in the real world, according to antivirus companies.)
These phones are popular in Europe, but have only recently started selling here in the United States. Since the first of this year, however, the Cabir worm has been reported in nearly two dozen countries, including the United States. Cole says these attacks will continue to grow as Bluetooth and smart phone adoption sets in. In fact, crackers recently launched CommWarrior (a new Trojan horse that could prove to be a more pervasive threat than Cabir), a smart phone-enabled virus that is able to infect either Bluetooth systems or those using Multimedia Messaging Service.
All is not lost
What's fueling the spread of Internet threats to other platforms? Money. Starting with the Sobig virus attacks in 2003, spammers and perhaps organized crime have been paying virus writers to push the limits and infect as many systems as they can. We've moved from a strictly ego-fueled virus culture to one where the tools of law enforcement work best. Instead of finding a random, rogue programmer, law enforcement officials are following the money, and they're making some major busts against cybercrime (Israeli police and British forces are investigating an attempted robbery of 219 million pounds, or $421.2 million, at the London offices of the Japanese bank Sumitomo).
As you adopt new technology, stop and think about the possible security pros and cons. Just because someone hasn't written a devastating worm to hit the Mac OS platform doesn't mean it won't happen. The same goes for your Nokia smart phone: proceed with caution. If we've been successful in frustrating crackers by having antivirus and firewall solutions on our desktops, there is a chance we'll prevail in these other areas too.
March 21, 2005