Boomtime for Malicious Hackers

Facing a persistent deluge in malicious code, IT security managers need to test their systems and stay current on security research.

Mon, August 06, 2007CSO It’s a good time to be a malicious hacker. That’s because even though it’s not a time of revolutionary new techniques in hacking for profit, business is booming for the established methods. Despite increased investment in information security defenses, the good guys continue to lag badly behind. According to one report by Sophos, which called the recent uptick in malware a “deluge,” by April 2007, more than 250,000 websites were hosting malicious code and more than 8,000 were being added to that total every day.

A sample of the deluge:

Hackers compromised Google AdWords so that links on certain sponsored ads were redirected to the attackers’ website first, where an attempt was made to install a keylogging bot.

Zero-day exploits in Windows were discovered, including a critical flaw in animated cursor files that would allow an attacker to commandeer a PC.

Incidents of iFrame malware —code that lives in an invisible-to-the-eye frame on a website and delivers bots onto the PCs of people visiting the site —have increased.

Credential-stealing bots like Gozi and Torpig continued to troll for personal banking information on infected computers.

A hacker won $10,000 breaking into a Mac through the Safari browser, which was followed by Apple releasing a patch for 25 vulnerabilities.

A researcher announced she is planning to demo ways to install rootkits and perform encryption attacks on Microsoft’s new Windows Vista product at this summer’s Black Hat conference.

A 17-year-old was charged with hacking into AOL, using a phishing scheme against AOL employees and using unauthorized instant messaging accounts, with the intent to transfer confidential data.

The only response for many information security professionals is to stay on top of the latest developments and prioritize response according to need. But that’s getting harder to do with the sheer volume of information on new attacks.

Many are also met by apathy or skepticism when trying to shed light on the problems. “It is hard to discuss solutions when no one believes there is a problem,” says Eric Hacker, a CISSP who works for a technology company. “The culture cannot mix security and business for whatever reason.”

Attack Readiness Basics

In light of persistent attacks, security experts urge security and IT executives to do the following basic routines to stay ready and prepared for malicious code assaults:

1. Perform a complete penetration test and audit of your website. Close up any iFrame vulnerabilities.

2. Prepare for an increasing number of bot infections and have a response plan ready.

3. Keep up on the latest research and intelligence on current attacks.
Loading...
Security MarketSpace
White Papers
Cost Effective Data Loss Prevention
Learn how Data Loss Prevention technologies can in fact be deployed in a cost effective manner. Learn more »
Data Loss Prevention and Enterprise Rights Management
Enterprise Management Associates highlights the complementary values of Data Loss Prevention and Enterprise Rights Management as a strategic approach to information risk control. Learn more »
Eliminate the Impact of Distance
Learn how to be prepared to adapt your environment in a way that supports distributed employees, anytime anywhere collaboration and the need for business continuity during a disaster. Learn more »
Webcasts
Why Data Loss is Increasing--and What You Can Do About It
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
Accelerate Your Virtual Environment
 Rapid Replication for Virtual Servers Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Introducing the new HP ProLiant G6 server family

Losing Ground: 2009 TMT Global Security Survey

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

Accenture IT Consulting: Enabling high performance. More...

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords