Internet crooks are growing bolder

Internet crooks are growing bolder

Edited by Dennis A. Pitta University of Baltimore

Internet crooks are growing bolder

In most of the Computer currency columns we look at specific pieces of hardware or software. In this issue we change that format. Now we are warning about an almost invisible threat to corporate and individual computing: cybercrime. If it is invisible, how does one know that it is occurring? One of the best measures is junk e-mail, also known as spam. Spam is the marker that betrays the number of individually owned and corporate computers under the control of the crooks. Data exist that betray the staggering nature of the problem. For example, the internet security firm Postini, based in San Carlos, California, reported that 90 percent of all e-mail sent during October 2006 was unsolicited junk mail. The trend is escalating. Postini reported that in November and December, spam volumes rose 73 percent. Many of us are not too concerned since we use firewalls, spam filters, and virus protection. The problem is that online criminals are growing smarter about hiding personal data that they have stolen and are using new methods for attacking computers that are harder to detect. Today, spammers are embedding their messages in images to avoid the spam filters that search for particular words or phrases. In the past, users have been successful in adding target words to their spam blocking software. So those who are deluged with unsolicited cheap travel offers or free resort condominium visits connected with sales pitches, can add words like free, resort, investment, condominium, time share and other “trigger” words to their spam dictionary.

I have noticed numerous pieces of spam touting stocks to purchase that are .JPG image files. The image avoids being detected by my spam filter that routinely routes messages containing those phrases to the screened mail box in my mail server. The trend is putting pressure on network administrators because junk mail with images occupies up to three times the bandwidth and storage space as text messages. Some mail systems have suffered serious performance degradation.

The foundation of spam

One reason that spam is a bellwether of internet security is that most spam is sent using “bots.” Like a robot, the cybercrooks take over strangers’ computers using viruses, worms or other malware and then use those PC’s to flood the internet with spam. The crooks are creative. They can capture computers using malware, then link them into virtual networks that can send an ever increasing amount of spam into the world wide web.

The effect is impressive. Security sources claim that currently between 3 and 4 million computers are active spambots on the internet.

Spam: a means to an end

One may wonder what harm spam does besides slowing computer and internet response. The real harm is in its pernicious use. One of the cybercrimes with analogs in The Sopranos’s television program is extortion. Millions of computers can be used to launch a denial of service attack against a target company. The computers send an overwhelming amount of spam that can close an internet site. Like The Sopranos, a small insurance payment will stop the attack. Continued insurance premiums will prevent its recurrence.

Another online crime with a real world analog is phishing. Spam is the means crooks use to “phish.” Phishing expeditions send millions of message to unsuspecting users who become victims. The now familiar messages may be warnings from the security division of your bank that your account has been compromised. The message requests verification of the account number and password. I have received almost 20 of those messages and luckily, the first 15 or so were from institutions in which I had no account. The sheer volume of a single message sent is staggering. The different versions of the phishing message make that volume mind boggling. It only takes a small percentage of consumers to release sensitive information for the crooks to prosper. After all, they are using stolen goods, other people’s computers and the internet, to launch their attacks. Cost are low and the potential pay off is large. Industry sources estimate that phishing-based cybercrime may net $2 billion this year. The phishing scams may involve fake websites that look authentic and fool users into disclosing their personal and financial information. That immense payoff has triggered an enormous anti-fraud response.

In the continuing war of move and countermove, the good guys have evolved an arsenal of anti-fraud tools. One is the web-browser based “toolbar.” The toolbar employs technology which can detect when users have visited a suspected phishing site. That can be an important part of user protection. However the bad guys have found a way to thwart the toolbars. They have designed new methods of hosting their fraudulent websites that are harder to protect against.

One way the crooks succeed is to design programs that act like the AIDS virus. AIDS lies hidden and mimics the body’s own cells and thereby avoids triggering the body’s immune system. Unlike the polio virus, AIDS may change during replication so that medical antiviral methods, which depend on a stable viral target, fail to affect the new structure. One recent virus, Rustock.B, uses just this method of slight modifications with each new surreptitious installation to avoid antivirus attempts. The virus even seems to sense when security software is looking for it. It reacts intelligently by refusing to work and refusing to betray its presence.

Another more well-known method is to exploit vulnerabilities in software. Here activity seems much like a marathon. While the anti-crime forces research such weaknesses actively, sometimes they only come to light after criminals have exploited them. The major target of this criminal activity is Microsoft. In 2006, Microsoft issued almost 100 critical vulnerability notices and supplied fixes for those weaknesses. Each presented a criminal with the opportunity to attack vulnerable systems and take them over, even if the user did nothing more than logging on to the internet.

When one considers the context of vulnerability reports the situation is stark. The number of critical notices last year was only 37. The trend is ominous. Most of the targets were operating systems and Microsoft Internet Explorer (IE). Crooks were able to install software that recorded keystroke and passwords on affected computers without the user having a hint that the software was there. This is a case in which consumer education to avoid responding to spam frauds will do nothing to stop the loss of personal information.

It seems that nothing is safe. Web browsers like IE are just the beginning. This year saw attacks exploiting holes in productivity suites like Microsoft Office. There have been fresh attacks on popular programs like Winamp media player as well as Apple’s QuickTime media player. A security flaw in QuickTime allowed crooks to steal passwords from 100,000 MySpace.com users. Once the passwords were stolen, the crooks hijacked the accounts and used them to send spam. The ultimate insult seems to be the hole that existed in an anti-virus program.

Is there hope on the horizon?

Microsoft is reported to have made its soon to be released new operating system, Vista, a security robust piece of software. The program includes improvements that seal old holes and prevent some future intrusions. It comes with anti-fraud tools that should help make it more secure. Moreover, Microsoft has learned from its experience with Windows 98 and XP. Software developers have made system changes that lock “backdoors” and have made system settings resistant to resetting by viruses. The global problem is that many companies and most consumers will not switch to Vista in the short term, leaving the older systems operating, along with their vulnerabilities.

The situation will continue to be more challenging for marketers and computer users. One does not have to avoid the internet to be safe. Firewalls and up to date computer anti-virus protection will provide reasonable levels of security. In the meantime, it is helpful to know the symptoms of malicious software, in order to detect its presence and do something about it.

Symptoms of malicious software are as follows:

1. 1.

   Subtle signs:

2. 2.
   • •

     Poor computer system performance, including slower response times and longer start up or shut down times.

   • •

     Noticeable loss of internet connection speeds.

   • •

     Loss of hard disk space.

3. 3.

   Obvious signs of trouble:

4. 4.
   • •

     Pop-up advertisements appear even when the web browser is closed.

   • •

     Unanticipated web browser shutdowns.

   • •

     Access to various computer security sites is blocked.

   • •

     New desktop icons or toolbars suddenly appear.

   • •

     Browser’s home page resets and cannot be changed.

5. 5.

   Suggested remedies:

   • •

     Install a firewall and anti-virus software.

   • •

     Download security patches regularly.

   • •

     Be aware of what you are installing and only download software from trusted (not just familiar) web sites.

The stakes are great in the cybercrime battle. While the crooks have the incentive of profit at someone else’s expense, software vendors have the incentive of profit while serving their customers. Only time will tell whether the crooks or the good guys will win.

Robert JamesonPractice Management LLC, Columbia, Maryland, USA