Posted on: Sunday, May 22, 2005
'Crimeware' burrowing into computers
By Jon Swartz
USA Today
Online swindlers are using crafty new software to exploit security holes in computer programs and corporate networks to extend their enterprises, tech-security experts say.
The emergence of so-called crimeware programs comes as law-enforcement officials aggressively prosecute cases involving spam and fraudulent e-mails used in "phishing" scams, which trick recipients into yielding personal data at fake Web sites.
The rise in crimeware reflects a shift in strategy, says Matt Sergeant, senior antispam technologist at MessageLabs. Last year, virus writers and spammers collaborated to hijack consumer PCs to spread spam. Now, spyware purveyors are teaming up with phishers to steal and sell personal information, he says.
Fueling the cybercrime wave:
• Phishing. "Pharming," a new form of phishing that is harder to detect, has emerged as a major new Internet security threat, says Dave Jevans, chairman of the Anti-Phishing Working Group. Like phishing, pharming uses fake Web sites to rip off consumers. But it also implants malicious software on a victim's PC that sends consumers to a bogus site even if they type in the correct address, Jevans says.
In another twist on phishing, consumers are directed to bogus sites loaded with programs that spy on keystrokes and cut-and-paste actions. (To avoid typing passwords into online banking accounts, some tech-savvy consumers cut and paste sensitive information from a file already stored on their PCs.)
Spyware programs with both features are widely available on the Internet for about $1,100, Jevans says.
• "Zero day" attacks. A surge in computer worms that search the Internet for PCs with previously unknown vulnerabilities has aided criminal rings in stealing personal data, says Charles Renert, chief architect at computer-security firm Determina. The attacks get their name because once they occur, the victim has zero days to patch a machine, instead of a customary two weeks, says Firas Raouf, chief operating officer at eEye Digital Security, which makes security software.
In a typical attack called a buffer overflow, the worm bombards a PC's operating system with data to gain control and access the user's personal information, ranging from credit-card numbers to online bank records. That information is often sold to online credit-card rings. The infected PC also is used to spread the worm or spam, Renert says.
• More efficient spam delivery. Programs that let hackers hijack PCs and turn them into spam-spewing machines have a new twist. The spam is now delivered through the mail server of the Internet service provider instead of the compromised PC, making it more difficult to block, says Sergeant. America Online, Time Warner Cable and other ISPs say they have addressed the issue.