Monday, April 4, 2011

Crime targets mobile and social sites

Smartphones and social networking sites are likely to become the next big target for cyber criminals, according to a security industry report.

Symantec's annual threat analysis warns that the technologies are increasingly being used to spread malicious code.

Users of Facebook, Twitter and Google's mobile operating system, Android, are said to be particularly vulnerable.

However, the number of attacks remains small compared to other online crimes such as e-mail phishing.

According to Symantec, known vulnerabilities in mobile operating systems rose from 115 in 2009 to 163 in 2010.

In several cases, the security holes were exploited and used to install harmful software on Android handsets - suggesting that criminals now view smartphone hacking as a potentially lucrative area .

At least six different varieties of malware were discovered hidden in applications that were distributed through a Chinese download service.

"It is something we have started to see happen, albeit on a small level," said Orla Cox, security operations manager at Symantec.

"It allows people to do a variety of things from intercepting SMS messages to dialling toll numbers. They have opened up the possibility of what is there."

Several pieces of malware were also found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.

The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.

Rogue applications

On Facebook and Twitter, Symantec's analysis highlighted several different types of threat.

Among the most prevalent were web links that encourage users to click through to other sites containing malware and rogue applications, designed to collect personal information.

The company estimates that one in six links posted on Facebook pages are connected to malicious software.

User information is said to be particularly valuable in "social engineering" attacks, where criminals use knowledge of an individual to trick them into scams that appear to relate to them personally.

The report also raises concerns concerns about shortened URLs, such as http://tiny.cc/jumqm.

Such systems are widely used to shorten web addresses, but they also make it harder to tell what the target site is. Sixty-five per cent of malware links on social networking websites were found to use shortened URLs.

Attack toolkits

Symantec makes its money selling internet security software and services to individuals and corporations

Its annual Internet Security Threat Report - based on data supplied by users around the world - is generally regarded as a reliable measure of changing trends in cyber crime.

Globally, the company recorded a 93% increase in the volume of web-based attacks between 2009 and 2010.

The dramatic rise was largely attributed to the widespread availability of "attack toolkits" - software packages that allow users with relatively little skill to design their own malicious software.

Toolkits are available to buy online for as little as a few pounds and as much as several thousand for the latest versions.

The most popular attack kit was Phoenix, which exploits vulnerabilities in the Java programming language - commonly used for web-based applications.

Symantec's report also notes a rise in the number of targeted attacks, where specific companies, organisations or individuals are singled out.

The most sensational targeted attack of 2010 was undoubtedly Stuxnet. The software worm was designed to take control of mechanical systems used in Iran's nuclear plants.

It has been widely speculated that the USA or Israel may have played a role in its creation.

Despite Stuxnet's headline-grabbing nature, Orla Cox believes that it may not be indicative of things to come.

"It was interesting to see that it is possible to attack physical systems. I think it unlikely that we will see a whole slew of attacks of that nature," she said.



Powered By WizardRSS.com | Full Text Feed | Amazon AffiliateHud Settlement Statement

Clean up begins after site attack

The Lizamoon website attack seems to have ensnared relatively few victims.

The massive attack managed to inject the name of several rogue domains into hundreds of thousands of websites.

The link led to a page that carried out a fake virus scan and then recommended fake security software to clean up what it supposedly found.

But despite the huge success by the attackers, swift action by security firms looks to have limited the number of victims.

Blocked visit

The Lizamoon attack was first detected by security firm Websense on 29 March and initially the rogue domains were only showing up on about 28,000 websites.

However, as Websense began tracking Lizamoon the sheer scale of the attack became apparent. By late on 3 April, Google was reporting that more than four million webpages were showing links to the domains involved in the attack.

The way Google counts webpages makes it hard to estimate exactly how many websites were hit but security firms said the number ran into the "hundreds of thousands".

The attack got its name because the first rogue domain appearing on compromised sites was lizamoon.com. A further 27 domains were also used as re-direction points.

The numbers of victims who followed the link, suffered the bogus scan and then bought the fake security software or "scareware" was also hard to estimate.

The many domains used by Lizamoon's creators to peddle their scareware were shut down very soon after they were created thanks to the efforts of security researchers.

Some of the sites being used were notorious for harbouring scareware and other malicious programs and some security programs have been blocking them for weeks. This also may have helped to stop people ending up on the dangerous domains.

Rik Ferguson, senior security advisor at Trend Micro, said it had only seen a "small" number of victims.

As one of the firms that blocked the domains used in the attack before the attack was ramped up, it could monitor how many customers actually visiting them.

He said Trend Micro blocked just over 2,000 attempts to visit the domains.

"The sites that were compromised by the SQL injection attack were comparatively low profile sites and thus the attack did not gain significant momentum," he said.

Graham Cluley, senior security analyst at Sophos, said home PC users were probably the most likely victims of the attack.

"Attacks like this one do underline the poor security that exists on many websites on the internet," he said, "including sites belonging to well-known organisations and brands."

"It shouldn't be so easy for hackers to inject their malicious codes onto legitimate websites that receive lots of traffic, and too many firms are making it too easy to pass infections on to their customers," he added.

What is currently resisting analysis is the exact route the attackers have taken to get their domains showing up on websites. Initial suggestions that versions of Microsoft's Windows server products were the common link have not been borne out by events.

Efforts are now underway to produce a quick fix for sites hit so they can update and remove the risk of falling victim to copycat attacks.

The only trait that compromised sites seem to share was that they were small to mid-tier websites, a list of those hit included astronomy groups, social clubs, hospitals, sports teams, funeral homes and many others.



Powered By WizardRSS.com | Full Text Feeds | Amazon PluginsHud-1

Cancer charity to tidy up wikipedia

Cancer Research UK is turning its specialists loose on the internet to get them to tidy up the online encyclopaedia - Wikipedia.

The charity said many people researching the subject are turning to the website.

But it said there were problems with accuracy and clarity on some of the pages.

Wikipedia said it encourages experts to edit the site as they have a lot to contribute.

Cancer Research UK's website has pages of detail about a range of cancers.

However, using a search engine for the terms "Breast Cancer" puts the charity in eighth place on the results page. Wikipedia comes second. A trend it repeats across other cancers.

New audience

Wikipedia said it had more than 3.5m page views for cancer-related content in January 2011.

Henry Scowcroft, scientific communications manager for Cancer Research UK, said: "It has been our intention for a long time to be involved in the online discussion outside of our own website."

"Wikipedia is nearly always at the top of an internet search for cancers. It's not always that easy to understand and sometimes it can be inaccurate or not completely up to date."

"We want to increase the accuracy and clarity."

So far they have created a new entry on the hallmarks of cancer as well as information about screening for human papillomavirus, which can cause cervical cancer.

The charity has not decided how many staff should contribute to the site, or how much time they should spend doing it.

Mike Peel, from Wikimedia has been training staff from Cancer Research. He said: "Expert editors are really vital and have a lot to contribute."



Powered By WizardRSS.com | Full Text Feeds | Amazon PluginsHud-1