Symantec Warns of Clever New Hacks

from NewsFactor.com 17/9/2007
Website: http://www.newsfactor.com

According to Symantec's latest Internet Security Threat Report, online criminals are getting more sophisticated -- even commercial -- in the development, distribution, and use of malicious code.

Symantec said that while financial gain continues to drive Internet crime, criminals are now using even more professional attack methods, tools, and strategies to conduct malicious activity online.

"The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing businesslike practices to successfully accomplish this goal," said Arthur Wong, senior vice president of Symantec Security Response and Managed Services, in a statement.

Sophisticated Toolkits

During the reporting period of Jan. 1, 2007 to June 30, 2007, Symantec detected an increase in Internet criminals leveraging sophisticated toolkits to carry out malicious attacks. The company pointed to MPack as one example of this strategy.

MPack is a professionally developed toolkit available for sale in the underground economy. Attackers can purchase and deploy MPack's collection of software components to plant malicious code on computers around the world, then monitor the effectiveness of their nefarious activities through various metrics. Phishing toolkits, which are a series of scripts that allow an attacker to set up phishing Web sites that spoof legitimate Web sites, are also available for sale.

In addition, Symantec reported a rise in multistage attacks in which the initial hack opens the door for attackers to deploy subsequent attacks. One example of a multistage attack is a downloader that allows an attacker to change the downloadable component to any type of threat that suits the attacker's objectives. According to Symantec, 28 of the top 50 malicious code samples were multistage downloaders.

"While mass spam e-mail phishing is likely to be detected quickly through automated and manual controls, targeted attacks are much more likely to bypass e-mail filters and be successful in their attempt to social engineer victims into opening attachments or clicking on links," said Michael Sutton, a security evangelist at SPI Dynamics.

Social Network Attacks

Symantec observed that 61 percent of all vulnerabilities discovered were in Web applications. While Internet criminals have many targets, such as financial and recruitment sites, social networks are becoming more popular venues for attack.

Social-networking sites, Symantec noted, are particularly valuable to attackers because they provide access to a large number of people, many of whom trust the sites and their security. These Web sites can expose a lot of confidential user information that can then be used in attempts to conduct identity theft or online fraud, or to provide access to other Web sites from which attackers can deploy further attacks.

"We as a population are slowly increasing our public footprint through social networking sites such as MySpace and Facebook," said Sutton. "We must be aware that in doing so we are also providing important information to attackers who are leveraging that information to conduct targeted attacks."