Online threats outpacing law crackdowns

SCOTTSDALE, Ariz.--Authorities are cracking down on phishing and botnets, but the threats are advancing instead of diminishing, two law enforcement officials said.

Cybercrooks are organizing better and moving to more sophisticated tactics to get their hands on confidential data and turn PCs of unwitting users into bots, representatives from the U.S. Department of Justice and the U.S. Air Force Office of Special Investigations said in separate presentations here at the Computer Security Institute's NetSec event this week.

Law enforcement has had increased successes in catching, prosecuting and convicting phishers and bot herders over the past couple of years. However, catching the bad guys is getting tougher as the criminals become more professional, the representatives said.

"We're seeing increasingly sophisticated groups online that are more indicative of crime groups," Jonathan Rusch, special counsel for fraud prevention at the Justice Department, said in a presentation. The criminals who have been caught range from teenagers to retirees, he said.

Rusch spoke about phishing, a prevalent type of online attack that combines e-mail spam and fraudulent Web sites made to look like trusted sites, which are aimed at tricking a user into giving up sensitive information such as a credit card or Social Security number. Almost 17,500 phishing Web sites were reported to the Anti-Phishing Working Group in April.

A top phishing concern is the increased use of malicious software, Rusch said. Increasingly, phishers use Trojan horses that pack backdoors, screen grabbers or keystroke loggers to capture log-in names, passwords and other information, he said. In April, there were 180 unique examples of such malicious code, he said.

Backdoor software gives attackers remote access to an infected PC, which could let them piggyback onto a user's Internet connection and conduct online transactions from the victim's PC while masquerading as the person, Rusch said.

"Botnets are one of the greatest facilitators of cybercrime these days. Really the cybercrime arena is wrapped around botnets."

--Wendi Whitmore, special agent, Air Force Office of Special Investigations

Screen grabbers and keystroke loggers can be programmed to capture very specific information and are even designed to wait until a user logs on to a certain banking Web site and send that information to the attacker.

Malicious software is where phishers intersect with bot herders, those who run networks of compromised machines, called a bot net. Computers typically become compromised and turned into a bot, also popularly called a zombie, after visiting a malicious Web site or opening an infected e-mail message or attachment. The bot software often nestles itself on a PC unbeknownst to the user by exploiting an unpatched security flaw on the system.

Law enforcement has been catching up to bot herders, and there have been some high-profile convictions. But here, too, the battle is getting harder, Wendi Whitmore, a special agent with the Air Force Office of Special Investigations, said in a presentation on botnets.

"Botnets are one of the greatest facilitators of cybercrime these days. Really the cybercrime arena is wrapped around botnets," she said.

With ubiquitous broadband connections and exploits for security flaws in software out before patches, the Internet environment is ideal for bots or zombies to proliferate, she said. That assertion is backed by a recent analysis by Microsoft. The software maker found that bots were the most common Windows threat, with more than 60 percent of compromised computers running bot code.

A zombie PC can be used by miscreants to store illegal content, such as child pornography, or in a botnet to relay spam and launch cyberattacks. Additionally, hackers often steal the victim's data and install spyware and adware on PCs, to earn a kickback from the spyware or adware maker.

Practice makes perfect
Meanwhile, bot masters are getting smarter about hiding. Today, most botnets are controlled using Internet Relay Chat, or IRC, servers and channels. Soon that could become instant messaging, peer-to-peer technology or protocols used by Internet phone services such as Skype or Vonage, Whitmore said.

"That is something that we're worried about because those protocols are proprietary," she said. "They don't publish routing protocols; it would be very difficult to catch that kind of crime."

Also, Whitmore expects cybercrooks to maintain smaller botnets with the hope of staying under the radar. People being caught today operate networks of as many as 1 million PCs. "There is a greater chance that you're going to get caught, if you do that much activity and command and control that many computers," she said.

Cybercriminals are often after data they can turn into cash, such as credit card numbers or even trade secrets. "If you have a smaller botnet and you combine that with targeted, really sophisticated social engineering tactics, you're going to be potentially a lot more successful," Whitmore said.

The military has seen a rise in such attacks over the last couple of years, Whitmore said. The attackers know what organizations work together, which generals would be involved and what issues they would talk about, she said. It's "incredibly disturbing, because those are the kinds of things that should be kept somewhat secret," she said.

[hadaso]

You don't need security software

Just stop browsing the web and reading email in an administrator account. The websites you browse and the spammers who send yo email don't need to have administrator privileges on your computer (actually they do need those so they can it over. Don't let them. Go to "control panel", then to "User accounts". Create a "limited account". Use only that account unless you really need to do maintenance on your system, such as system updates, or if you absolutely need to use software that doesn't work in a limited account. If the software is not something used for maintaining your system it shouldn't need any admin privileges and should run under a "limited" user's account. If it doesn't consider using an alternative. If the vendor cannot make it work without accessing privileged system resources that are only needed for system maintenance the software probably isn't very secure.)<br /><br />The "privileges" that come with your account are provileges granted to the software you run, not to you. You can always switch to an admin account on your computer. You should ceertainly not grant admin permissions to the software run by the email you recive or the websites you visit!

[Zymurgist]

Good advice, though incomplete.

That's good advice, though incomplete. While <br />running as a limited user may stop some malware, <br />it won't stop the most insidious malware. There <br />are a number of vectors for infection that can <br />circumvent that under current versions of <br />Windows (hopefully addressed in Vista). You can <br />find some proof-of-concept code out there on the <br />net and try it yourself. <br /> <br />No, your best bets are: good up-to-date security <br />software (none are complete, but most are quite <br />good), if you have the know-how and resources, <br />running your Internet client software in a VM <br />that doesn't save changes to disk (ref VMWare's <br />products), or skip Windows altogether (there are <br />several good alternatives these days).

[stacksmasher]

Dude shut up.

Are you insane? Stop living under a mushroom and do some more research.

[209979377489953107664053243186]

encryption on both ends

Websites getting bot attacks should try html encryption, which would prevent actual source code from being viewed, particularly email addresses.<br /><br />For your computer, shielding your sensitive information from unauthorized access is the safe bet. Using a combination of encryption and usage control over files and email should be a part of your firewall security practice.<br /><a class="jive-link-external" href="http://www.essentialsecurity.com/products.htm" target="_newWindow">http://www.essentialsecurity.com/products.htm</a>

[Stalin Hornsby]

Guide lines for software program protectionfrom home office; Emu?

Latest web-logistics have lent me into the unknown arms of a notorious skylore. My "yea yea" file extraction utility is in ***!<br /><br />'Blues Clues"; maybe very unimportant except to free wi-fi tunes.

[Soularddave]

threat to efficiency of the WWW

Seems to me that ISPs, the government, and endusers would be interested. The garbage out there clogs the WWW and could well be eliminated. Homeland Security, it would seem, would be the right agency to clear this up in a hurry. <br /><br />There ought to be a quick &#38; easy reporting/complaint procedure. If eBay can do it, everyone else should be able to.<br /><br />If the government can't effect a crackdown, we should all be worried about it's ability to deal with anything.<br /><br />Any more ideas?<br /><br />Dave

[Stan Kee]

re: threat to efficiency of the WWW

I rather educate myself to deal with the problem than invite the heavy hand of government. The internet so far has survived without government intervention, lets keep it that way.