Protecting Your Info: Threats and the Underground Economy
It used to be that hackers created viruses for notoriety. Now threats are created primarily for a single purpose: financial gain. Often organized crime is behind today’s threats, purchasing hackers’ exploits and bankrolling increasingly sophisticated methods of attacking Internet users. If public trust in online business falters, so will online business. Everyone must become educated about the types of threats that exist and the means to prevent them.
The most common activities consist of trying to steal bank account numbers, credit card numbers, and passwords. There are several ways criminals can do this, including phishing and keylogging. Often criminals employ botnets to net as many victims as possible. Sometimes they simply sell associated information, such as addresses and memberships, in bulk.
To get ahead of Internet criminals, security companies like Trend Micro monitor IRC (Internet Relay Chat) channels where botnets are leased out and managed.
“That’s part of the overall intelligence gathering process,” said Paul Ferguson, Network Architect with Trend Micro.
“We try to keep a hand on the pulse of the criminal heartbeat. We also perform malware analysis to extract and extrapolate how different threats behave. Like any good citizen, we contact law enforcement agencies when we run across egregious criminal activity.”
Some of these IRC channels are like a flea market, with people advertising 200 credit card numbers for $10 apiece or selling them for as little as $1 per credit card number.
Many of the attacks used to build botnets are blended threats, which combine a variety of attack techniques. For example, a consumer clicks a link in a spam email and unknowingly downloads a Trojan, which then makes the infected system a member of a botnet. Unsuspecting users are duped into clicking tempting links embedded in emails such as “Check out my new photos” or “Buy Rolex watches cheap”. These links exploit browser vulnerabilities to place malware on victims’ systems in what Ferguson calls “drive-by downloads”.
“There has been a lot of activity on social networking sites like MySpace and YouTube lately,” Ferguson said. “People surf to popular sites and end up downloading a Trojan without knowing it. Then they are infected with malicious code or a zero-day vulnerability.”
Once there’s a back door into a system, it can be used for any number of things. The bot controller, or botmaster, can download new components for use in Denial of Service (DoS) attacks, or for information gathering, such as keyloggers that send captured information to email drop boxes. Once login IDs and passwords are captured, that information is communicated back to the keeper of the bots.
Trend Micro researchers are also encountering darker financial motives, such as gathering proprietary information from governments, corporate espionage, and financial extortion.
Why the sudden proliferation of attacks? There are many talented programmers in the world who are faced with slow job markets or lured by lucrative paychecks. Many of these programmers reside in Latin America, Eastern Europe and Asia, all of which have a history of organized crime.
To prevent such attacks from happening to you, use anti-virus software and solutions from a reputable security vendor, keep them updated, and continuously educate yourself (and your employees) about the types of threats that are occurring.
Service providers, infrastructure vendors, small businesses, consumers, and enterprises all face different problems, not only in preventing and mitigating infection but also in deciding what to do when a system is already infected. Businesses of different sizes receive different portions of the threats.
