Security informational articles

Why malicious programs spread so quickly? - defense


It seems that nowadays cybercriminals prefer cash to fun. That is why malicious programs of various kinds (viruses, worms, Trojan horses, etc.) are very often aimed at stealing valuable -- in the direct sense of the word -- private and financial information. Once written, these programs are spread all over the Web.

What do the means of their distribution have in common? Thinking a bit about it will help us ordinary Web users realize how to behave online and what to avoid.

Let's use logic and good old common sense. What do you think are the most suitable (for a criminal) means to spread malicious code? The answer is almost obvious. It is something which, first, ensures his anonymity and, second, offers victims (i.e. us) very little or no protection against malware. Last, but not least -- this means should be very cheap or, even better, free.

(I'll confine myself to mentioning only those means which endanger EVERY Internet user. Not everyone exchanges files or downloads music and freeware. But is there anybody who doesn't send and receive email or visit websites?)

Well, if you were a cybercriminal who wanted to spread a malicious program quickly and as widely as possible, how would you distribute it?

What first comes to mind? First, sending contaminated emails through spam. It is possible (and not too difficult for, say, a programmer) to enclose virtually anything in the attachment. With more effort, a programmer can create a message without any attachments that will infect a PC anyway.

Though many email service providers offer basic anti-virus protection, they aren't obliged to do it. How effective this protection is -- that's another question.

Besides, spam is very cheap to distribute. Of course, spammers of all stripes don't use their own machines. Why should they? They prefer PCs which became remotely controlled after being infected with a special program. Cybercriminals build huge networks of such machines and hire them out to spammers. Using "bots" (they are also called "zombies" or "slave computers") gives a spammer much-valued anonymity -- spam messages come to frustrated PC users from IP addresses registered somewhere on the other side of the globe.

What about other possibilities? Websites. Malicious websites are very dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers -- software programs for stealing information.

Keyloggers, as is clear from the name of the program, log keystrokes -- but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. Slightly more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) -- so the information is captured even if the user doesn't type anything and just opens and views a file.

Blogs can be contaminated with malware, too. In April experts from Websense Security Labs warned users that they had discovered hundreds of these "toxic" (contaminated with malcode) blogs set up by hackers. Blogs are suitable for them: there are large amounts of free storage space, no identity authentication is required to post, and there is no scan of posted files for viruses, worms, or spyware in most blog hosting services.

Three months passed, and here is the quote from a new Websense report released this Monday, July, 25th: "hackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code..." This July Websense detected that these sites are used for this purpose much more often. The company's senior director of security and technology research said that "in the first two weeks alone we found more instances than in May and June combined." By all means it's a tendency, and a very disturbing one.

Such sites are free and easy to create. With an average lifespan of between two and four days, they are difficult to trace. Free hosting services rarely offer even basic security tools. Short-lived websites, no scanning of files for viruses, nothing to prevent "authors" from uploading executable files -- isn't such a site an ideal tool for distributing malicious code?
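The basic check that the article says email providers are not obliged to run and free hosts rarely offer can be sketched as below. This is an added example, not code from the article or from any provider; the function names, the extension deny-list and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Well-known leading bytes of native executables.
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed deny-list

def sniff(name, head):
    """Reasons to quarantine one file, judged by its first bytes and its name."""
    reasons = [f"{name}: {kind} executable content"
               for magic, kind in EXEC_MAGIC.items() if head.startswith(magic)]
    if name.lower().endswith(RISKY_EXT):
        reasons.append(f"{name}: executable extension")
    return reasons

def classify(name, data):
    """Check an uploaded file and, if it is a ZIP archive, each member inside it."""
    reasons = sniff(name, data[:8])
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:  # only the first 8 bytes are read
                        reasons += sniff(f"{name}/{info.filename}", member.read(8))
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            reasons.append(f"{name}: archive could not be inspected")
    return reasons

def scan_email(raw):
    """Run classify() over every attachment of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        reasons += classify(part.get_filename() or "unnamed",
                            part.get_payload(decode=True) or b"")
    return reasons

def constructed_sample():
    """Constructed message: a ZIP attachment holding a double-extension PE stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("photo.jpg.exe", b"MZ\x90\x00" + b"\x00" * 60)
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="news.zip")
    return msg.as_bytes()
```

A hosting service would call `classify()` on each upload and a mail service would call `scan_email()` on each inbound message; a signature check like this catches only unobfuscated executables and complements an anti-virus scan instead of replacing it.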

Anonymity of the creator -- no end user protection -- no cost. What else can a cybercriminal wish? That is why there was the outbreak of "toxic blogs" in April -- and that's why infested free websites are multiplying so quickly now.

But how to contaminate as many computers as possible? It is the aim of cybercriminals, isn't it? The more traffic, the more programs land on end users' computers. Hackers attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM)).

They are ingenious in finding new ways to make people open an attachment or click on a link to visit a certain website, despite the fact that people are constantly told not to follow links in spam.

Just some of their dodges -- disguising infected spam emails as CNN news alerts, subject lines with "breaking news" like "Osama bin Laden caught", "Michael Jackson tried to commit suicide". How about celebrities in the nude? Just click! And, one of the latest, an "amateur video" that ostensibly shows London bombing sights.

These (and similar) tricks are usually called social engineering. Online criminals have become good psychologists -- the big bucks which crimes like online bank fraud can bring turned them into earnest students.

However, there is one thing that spoils the mood of those who spread malicious programs.

To hackers' deep regret, people are becoming more aware of the risks they face on the Internet. A study by Pew Internet and American Life Project released on July 6th shows that:

91% (!) of respondents (adult Internet users from the U.S.) changed their behavior online one way or another.
81% have become more cautious about e-mail attachments.
48% have stopped visiting certain websites which are said to be harboring malicious programs.
People stop using file-sharing software (25%) and even start using Mozilla, Firefox or other browser instead of Internet Explorer (18%).

Well done! Actually, there is nothing left for us users but to become more conscious of the threats and more cautious on the Web. Every PC user has to care for his information himself, protecting his own computer against numerous data-stealing programs of all sorts.

But don't you think that protection against various malicious programs shouldn't be only end users' private business? It is up to service providers to offer at least basic protection for end users and break this "triad" (anonymity of the creator -- little or no end user protection -- little or no cost) which enables all this crap to spread so easily.

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various products and services for information security. Software aimed at making identity theft impossible and services like protected email and protected Web hosting are only a small part of what this company offers.

Learn more -- visit the company's website http://www.anti-keyloggers.com

