Arun Marballi

Over the last couple of years computer protection has morphed from a search-and-destroy mission against viruses and spyware to protecting ourselves from phishers, identity thieves and cyber crooks trying to get at our credit and finances.

Hitherto, we have relied on the use of antivirus and anti-spyware software for protection. However, these defensive methods have one major problem, they are based on virus and spyware signatures to thwart attacks and this means for the malware to be detected, someone must first encounter it, then they must report it and finally the malware's signature must be included in the signature file for distribution as an update to the detection software installed on our computers.

With today's increasingly sophisticated, constantly evolving malware, signature-based detection systems have lost some of their edge. Furthermore, the method for delivery of this malware has shifted from a file and e-mail borne method to primarily using rogue or cloned websites masquerading for genuine websites. The end-users' computer is no longer the target; instead it is the Web Site visitor going to a "trusted" web site who is now the target. Most of these masquerading web sites are put up automatically by zombie computers or botnets and according to Security Research firm Websense it takes just five hours for the bad guys to start farming data collected by these websites for financial benefit.

The trick is to detect these suspicious computer-generated web addresses quickly enough to deactivate them before the five-hour threshold is up. To help do this Websense has developed a tool that looks for registered domain names (Web addresses) that contain combinations of letters and numbers that are meaningless from a human point of view because computer generated addresses tend to be a combination of randomly juxtaposed letters and numbers. Upon finding these websites, they are examined and if found to be malicious, they are shut down.

Trusted websites such as Social Networking websites also may be compromised by hackers breaking into them and planting malicious software that will install itself surreptitiously on visitors' computers and silently track and record personal and confidential information.

This mode of attack is enabled because many of these trusted websites are hosted on computers that are inadequately patched and consequently vulnerable to being compromised. Many of these vulnerabilities rely on ActiveX plugins (software components that plug into the browser software for enhanced usability features) and javascript components. In the past crooks targeted financial sites. But with the increased security measures taken by those websites, they have turned their attention to easier targets such as Social Networking sites.

Social Networking sites such as MySpace attempt to control and filter the links on its site. However, as in all cases where control is enforced, people so-inclined find a way to bypass it. In the case of MySpace, security researchers from Websense have uncovered what they call a "link hack" wherein the person behind the attack has reportedly found a way to evade MySpace.com's mechanism for taking the user clicking a link to another MySpace page.

The misdirected link instead takes the user to a MySpace phishing site that looks just like the MySpace site. The danger in this is that the miscreant is preying on the MySpace user's trust for achieving their misdirected objectives (no pun intended). This technique has been found in many of the new Web 2.0 websites where a user's trust is blatantly exploited.

The law of unintended consequences also is very much alive in the world of computer security. According to researchers at the University of Washington, about 1 percent of the web pages being delivered on the Internet are being changed in transit.

It appears that a small number of Internet Service Providers (ISPs) - again someone that the user trusts - have been injecting Advertisements into Web Pages being delivered to their subscribers. In doing this, the ISPs inadvertently sometimes inserted security flaws into the web page thereby compromising the user's computer and making them vulnerable to attack.

Finally, who do you trust in your world of computers, Internet and security? And have you examined your trust lately?

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home