TrustDefender Labs Report - September 2007

 

TrustDefender Labs Quarterly Report – September 2007

Online users are overwhelmed by, and helpless against, current security threats.

Malware sophistication is reaching new levels, and the fraudsters have found new targets (social networking sites, Skype etc. …).

Table of Contents

1 Executive Summary
2 Why is Desktop Security still an issue?
3 Learn from the bad guys: Mpack + Torpig
4 Internal Workshop: sophistication vs. key intelligence for trojans/rootkits/... past, present, future.
5 Botnets: the implications.
6 Social Networking sites: A new threat.
7 How governments and banks struggle to keep up with the bad guys: An overview
 
1 Executive Summary
More than 300 years ago[1] Sir Isaac Newton formulated his Third Law of Motion, which states that every action will result in a reaction[2]. The same principle seems to be true for the online fraudsters today.

Every single newly introduced security measure is quite easily circumvented by the ‘bad guys’. Today we have Anti-Virus, Anti-Spyware, Anti-Rootkit, Anti-Botnet, Anti-Phishing and Anti-you-name-it. All major software supports an automatic update mechanism, yet we still fail to protect users’ computers. We look for the reasons for this in Chapter 2.

The fraudsters are very active and unfortunately also very successful on all fronts of the internet: exploiting the trust networks of social networking sites, P2P phishing/malware (e.g. Skype, MSN, Yahoo), web server exploits (e.g. Mpack, which resulted, for example, in the Bank of India hack), and Trojans/rootkits/malware (e.g. Torpig, Storm, eBay, …).

This is just the tip of the iceberg. Today’s nastiest malware, which would be considered very sophisticated, is just starting to include a degree of intelligence. According to a recent TrustDefender Labs Workshop, the present malware still lacks key intelligence and it can be expected that future malware will be much more successful. Specifics of this workshop will be presented in Chapter 4.

Furthermore, the growing botnet numbers are increasingly worrying, given that their network and computing power is increasingly being misused. We have seen an increasing number of attacks against critical infrastructure (e.g. distributed denial-of-service attacks against online banking applications) as well as phishing and spamming attacks run from innocent home users’ computers.

Chapter 6 discusses how social networking sites such as Bebo, MySpace, Facebook and others have become the target of an increasing number of attacks. The built-in trust network of these sites can be easily exploited. You only need one friend and you’ll be amazed what information you can get. The recent move by all major social networking sites to let search engines index their user profiles will only make things worse.

On the business side, internet consumers are being scared by government agencies, bankers’ associations and law enforcement agencies worldwide. Examples include the New Zealand Bankers Association, which has moved towards stipulating consumer liability for online fraud in some cases, and remarks by the German and US governments that they are working[3] on a government Trojan that will not be detected by any antivirus engine. The logical conclusion is: if they can come up with something like this, the ‘bad guys’ can too! Furthermore, there has been a lot of government activity in the past three months in relation to Estonia vs. Russia, China vs. Germany, and China vs. USA.

Overall, we have experienced a rather busy quarter in relation to online security breaches and changes and the ‘bad guys’ have been constantly coming up with new ideas.
Unfortunately, we believe that this will be the norm for the next few years, as countermeasures by the security industry are reactive rather than proactive.


--------------------------------------------------------------------------------

[1] Newton's laws were first published together in his work Philosophiae Naturalis Principia Mathematica (1687).

[2] Formally stated, Newton’s Third Law is: “For every action, there is an equal and opposite reaction”

[3] A recent incident indicates that these Trojans may already have been developed.

 
