TrustDefender Labs Report - September 2007
TrustDefender Labs Quarterly Report – September 2007

Online users are overwhelmed by current security threats and helpless against them. Malware sophistication is reaching new levels, and the fraudsters have found new targets (social networking sites, Skype etc.).

1 Executive Summary

Every single newly introduced security measure is quite easily circumvented by the ‘bad guys’. Today we have Anti-Virus, Anti-Spyware, Anti-Rootkit, Anti-Botnet, Anti-Phishing and Anti-you-name-it. All major software supports an automatic update mechanism, yet we still fail to protect users’ computers. We look for the reasons for this in Chapter 2.

The fraudsters are very active and unfortunately also very successful on all the different fronts of the internet: exploiting the trust network of social networking sites; P2P phishing/malware (e.g. Skype, MSN, Yahoo); webserver exploits (e.g. Mpack, which resulted, for example, in the Bank of India hack); and Trojans/rootkits/malware (e.g. Torpig, Storm, ebay, …). This is just the tip of the iceberg.

Today’s nastiest malware, which would be considered very sophisticated, is only starting to include a degree of intelligence. According to a recent TrustDefender Labs Workshop, present malware still lacks key intelligence, and it can be expected that future malware will be much more successful. Specifics of this workshop will be presented in Chapter 4.

Furthermore, the growing botnet numbers are increasingly worrying, given that their network and computing power is increasingly being used for the wrong purposes. We have seen an increasing number of attacks against critical infrastructure (e.g. distributed denial-of-service attacks against online banking applications) as well as phishing and spamming attacks run from innocent home users’ computers.

Chapter 6 discusses how social networking sites such as Bebo, Myspace, Facebook and others have become the target of an increasing number of attacks.
The in-built trust network of these sites can be easily exploited. You only need one friend and you’ll be amazed what information you can get. The recent move by all major social networking sites to let search engines index their user profiles will only make things worse.

On the business side, internet consumers are being scared by government agencies, bankers’ associations and law enforcement agencies worldwide. Examples include the New Zealand Bankers Association, which has moved towards stipulating consumer liability for online fraud in some cases, and remarks by the German and US governments that they are working[3] on a government Trojan that will not be detected by any antivirus engine. The logical conclusion is: if they can come up with something like this, the ‘bad guys’ can too! Furthermore, there has been a lot of government activity in the past three months in relation to Estonia vs. Russia, China vs. Germany, and China vs. USA.

Overall, we have experienced a rather busy quarter in relation to online security breaches and changes, and the ‘bad guys’ have been constantly coming up with new ideas.

--------------------------------------------------------------------------------

[1] Newton's laws were first published together in his work Philosophiae Naturalis Principia Mathematica (1687).

[2] Formally stated, Newton’s Third Law is: “For every action, there is an equal and opposite reaction”.

[3] A recent incident indicates that these Trojans could already have been developed.