April 17, 2006 12:01 PM PDT

What's the next security threat?

In January this year, 20-year-old Jeanson James Ancheta pleaded guilty in a California court to charges that he had broken into government computers and taken control of them for purposes of fraud.

He had planted Trojan software on the systems at the China Lake Naval Facility in California's Mojave Desert, enabling him to manipulate computers on the network there. He had then used the computers to generate hits on Web site advertisements, for which the advertisers paid according to the traffic they received.

It sounds like an overelaborate and harmless prank, except that Ancheta admitted the scam had netted him $60,000 before it had been detected.

Furthermore, it emerged that he controlled some 400,000 computers around the world, which he could manipulate remotely to do his bidding--to generate advertisement traffic, to send out infected software to more vulnerable computers, to pump out spam.

Ancheta is typical of the new breed of criminal on the Internet, motivated by money and determined to work by stealth. The spyware or Trojan horses they plant on unsuspecting users' machines do not draw attention to themselves, but once installed, they work as slaves to their remote masters.

Users are rarely aware that their machines have been hijacked. The system continues to work, albeit slightly more slowly at times, and they have no control over the secret tasks it is being asked to perform.

Bot networks, which are armies of these hijacked computers, have become the predominant feature of the Internet threat landscape. According to security company CipherTrust, more than 180,000 PCs are turned into zombies every day, and that figure is continually rising.

The botnets are used by their owners to defraud Internet advertisers, as in Ancheta's case, or they can be rented out by the hour to those who want to carry out cheap mass-mailing campaigns. Extortionists may also rent them to launch denial-of-service attacks on legitimate Web sites.

These professional operations are taking over where the traditional hobbyist hackers left off. "We are seeing less of the big virus outbreaks such as Sasser and Blaster, and so some people believe the situation is getting better, when in fact it is getting worse," said Mikko Hypponen, chief research officer at security company F-Secure. "The bad boys are getting more professional and doing more targeted attacks."

He sees botnets as a major problem that cannot be easily fixed, because the hijacked machines are mostly home PCs connected to an ADSL line. "It takes a lot of end-user support to explain to a grandmother how to configure the computer. So most ISPs are not doing anything about it," he said.

New phishing grounds
Most analysts forecast that phishing attacks too will continue to grow in number and in sophistication.

David Sancho, an antivirus engineer at security company Trend Micro, gave an example of a recent attack in Germany which pretended to come from an electricity company. It asked recipients to check their bill by clicking on an attached PDF document, which is how the genuine electricity company operates. But the attachment in this case had a suffix of .pdf.exe, and planted a Trojan on the user's machine.

"Once active, it monitors every Internet connection, every access to Web pages and access to the bank, and reports it back to the creator of the Trojan," Sancho said. "It is smarter, because they don't have to set up a fake server."

Related coverage
Is your cell phone due for an antivirus shot?
Security and wireless industries disagree about how to fend off emerging threat.

F-Secure's Hypponen also forecast that phishers will find ways to crack the one-time passwords that some banks have introduced as a security measure. In one case, the user has a list of authorization codes on a slip of paper sent by the bank.

"The target is fooled into logging into a fake bank, where they ask for his authorization code. The fake bank logs into the real bank with the one-time password and moves money around. Then it gets back to the customer, says there has been a problem and asks him to give the next code," Hypponen said.

The biggest problem for the phishers, he said, is finding new suckers to fool. As more people become aware of phishing attacks, the attackers are going for smaller targets and into different languages, such as Greek, Czech and Finnish.

CONTINUED: Mobile virus vectors…
Page 1 | 2

See more CNET content tagged:
security company, phishing, F-Secure Corp., trojan horse, security


Join the conversation!
Add your comment
Verizon email blocking settlement.
To prevent email from being bounced, remove your Verizon pop 3 account, under MSN hotmail, under email options.
Posted by jimjv2005 (15 comments )
Reply Link Flag
Missing Internet Explorer beta?
Boy, people using Windows 98 must not really want IE 7 and Windows Vista to ship? Check the following url out: <a class="jive-link-external" href="http://www.microsoft.com/windows/ie/ie7/default.mspx" target="_newWindow">http://www.microsoft.com/windows/ie/ie7/default.mspx</a>
Posted by jimjv2005 (15 comments )
Reply Link Flag
There is a solution for the next security threats
CallingID is the best solution against security threats. It puts you back in control. When you visits a site you see who is the owner, if it is a real company and you can be sure that main security problems like phishing, DNS spoofing or even a site that hides its owner identity will automatically be shown
Posted by ba_oren (16 comments )
Reply Link Flag
ISPs are the problem and solution
Despite their desire to not get involved, ISPs are going to need to be the solution to the problem they've allowed to proliferate.

If I turn the water on in my apartment and leave it running for a month, eventually the apartment complex is going to shut off my water or at least have words with me, even though water is included in the monthly rent they charge me. (Or, they'll raise everyone's rent.)

Just wait until the day a major player like AOL automatically disconnects from Earthlink because its automated system detects too much spam coming from that network.

ISPs need to be more vigilant(sp?) about identifying and containing bots on its networks and about being less hesitant to shut down connections to neighboring networks who haven't done likewise.
Posted by TV James (680 comments )
Reply Link Flag
Computing Monoculture
Standard implementation of software -- a computing monoculture -- is what allows these security holes to be exploited easily enough for black hats to profit.

The solution is twofold: diverse implementations in the application and OS spaces, and open standards to allow interoperability.

Take the F/OSS computing landscape, for example. For OSes, you have Linux, the BSDs, and OpenSolaris. But they all share many of the same applications because of open source and open standards.

Diversity breeds strength in nature, and our artificial world we are creating in the form of the Internet and all its connected computers is no different. We need a multitude of architectures and operating systems so that malware infections cannot spread so quickly and easily through networks.

The huge number of Linux distros helps make the Linux world more secure in a macrocosmic sense.
Posted by alucinor (71 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.