Malicious Code is More Covert, Websense Report


October 06 2006


The Websense® Security Labs™ 2006 Semi-Annual Web Security Trends Report summarizes findings for the first half of 2006 and presents projections for the remainder of 2006. The report shows that the volume of attacks increased and malicious code became more covert, less recognizable and more targeted toward financial gain.

Not only has malicious code become more sophisticated, but the infrastructure supporting its creation and spread has also become more complex. Of the sites designed to steal credentials, almost 15 percent are derived from toolkits, an emerging tactic from the hacker community. These kits, made by professional malicious code writers, are often for sale on the internet and allow non-sophisticated users to launch sophisticated attacks against operating system exploits and vulnerabilities.

The criminal motive of attacks has also become more apparent as traditional hacking for fun has been replaced with activities designed to steal confidential data to reap financial rewards. The report notes a 100 percent increase in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, Websense has seen more than a 60 percent drop in websites designed merely to change user preferences, such as browser settings.

In the first half of 2006, Websense successfully identified and mitigated several new high-profile exploits and widespread web attacks including the continued assault on the Microsoft Windows Metafile (WMF) vulnerability and the Internet Explorer "zero-day" create text vulnerability.

According to the report, Websense Security Labs has seen increased exploitation of both web servers and web browser/client technologies. Automated vulnerability scanning for server and client exploits is getting more intelligent, and attackers are taking full advantage of these exploits. During the first half of 2006, 35 percent of all malicious websites were hosted on web servers that had been compromised.

Highlights from the First Half 2006 Security Trends Report

* Websense Security Labs has seen a 100 percent increase in sites designed to install keyloggers, screen scrapers and other forms of crimeware. Conversely, the organization has seen more than a 60 percent drop in websites designed merely to change user preferences, such as browser settings.
* Websense Security Labs saw a significant increase in the number of phishing targets. In fact, as many as 8-10 new targets are being discovered every day. The Labs also notes that phishing toolkits are now being used to enable easy phishing. For example, one fraudulent website may target as many as 50 different banks under individual subdirectories.
* During the first six months of 2006, Websense Security Labs saw more cases - and more sophisticated use - of cyber-extortion. This form of cyber-extortion allows malicious hackers to keep data hostage on an end user's machine while demanding a monetary sum to unlock the data. Along with the higher numbers, the Labs noted better encryption, making it harder to recover the data and to reverse engineer and develop effective countermeasures.
* Websense Security Labs discovered more botnets (collections of compromised machines) using Peer-to-Peer (P2P) technologies to gain control, making it more difficult to disable them. The use of the web to control botnets has also increased, allowing botnet owners to more easily control the machines via a web page.

Major Findings by Websense Security Labs during the first half of 2006

* January 5, 2006 - Websense Security Labs was the first to discover more than 1,100 URLs that were attempting to exploit users who had not installed the patch for the Microsoft Windows Metafile (WMF) vulnerability which was discovered by Websense Security Labs in mid-December 2005. Most attacks were trojan horse downloaders which updated over HTTP and installed and ran other pieces of malicious code.
* March 24, 2006 - Websense Security Labs was the first to discover 200 unique URLs that were attacking a revealed Internet Explorer "zero-day" vulnerability that could allow code to launch without end-user consent. The most common attack was the use of shellcode to run a trojan horse downloader that downloaded additional payload code over HTTP. The additional payload was various forms of bots, spyware, backdoors, and other trojan downloaders.
* June 21, 2006 - Websense Security Labs reported on end-users being lured to install malicious code via Short Message Service (SMS) messages (also known as text messages). Victims received an SMS message on their mobile phone, thanking them for subscribing to a fictitious dating service. The message stated that the subscription fee of $2.00 per day will be automatically charged to their cell phone bill until their subscription is cancelled at the online site.
* June 21, 2006 - Websense Security Labs reported a new type of attack that used email and voice over telephone, otherwise known as Vishing. The Vishing attack targeted customers of Santa Barbara Bank & Trust. Like traditional phishing attacks, users received a spoofed email message. However, unlike the most popular forms of phishing, where users are lured to a fraudulent website, this lure directed users to a telephone number.


 

Reproduced from an article published by Technology News Daily
© Technology News Daily

The original article can be viewed here:
http://www.technologynewsdaily.com/node/4679
