Speaking of botnets, go to What a Botnet Looks Like to see a mapped representation. Here’s the description:
Researcher David Vorel mapped interconnected, bot-infected IP addresses and created this geometric representation; CSO contributor Scott Berinato annotated the map and added interactive controls so you can zoom in and explore botnets’ inner workings.
If you ever wonder where all that spam gets mailed out, the answer is botnets. These networks of zombie computers account for most spam. According to a report described at PC World, one botnet using a Trojan called Srizbi is responsible for half of all spam:
Joe Stewart, director at US consultancy Secure Works, said the Srizbi Trojan is the biggest botnet in history and the most powerful. He said Srizbi, aka “Cbeplay” and “Exchanger,” can blast out 60 billion messages a day.
This is an especially insidious Trojan since it is of the variety called “rootkit”. The estimates are that the botnet contains 300,000 zombie computers.
Economic incentives govern criminal online activity just like so much else of human behavior. The Bits Blog notes:
To make money, you have to move up the economic food chain into higher-value, more profitable work and markets. That economic fact of life applies to nations, companies and individuals.
A study released this week shows how this natural law is being applied in the subculture of criminal computer hackers. Pilfered credit card numbers and bank account PIN numbers have become commodities on shadowy Web sites where stolen digital information is bought and sold.
Company e-mail, business documents and personal health information are the new targets of choice for illegal hackers, according to Finjan, a San Jose-based maker of Web security software and appliances.
Criminal activity through malware is a big business these days and an interesting (if depressing) review of the security scene is at Computerworld. Here’s an excerpt:
In contrast, today’s malware causes less overt havoc but far more deliberate harm. Most 21st-century crackers aren’t making malware to show off their skills or wreck systems for the sheer malicious fun of itall. They’re making malware that hides in your system so they can use your personal information and PC resources to make money. Welcome to the era of capitalist hacking.
In response, the security vendors come up with anti-malware programs, and we’re locked into a seemingly endless battle between crackers and the defenders for the safety of our networks, our computers and our personal information. At the moment, it appears the bad guys are winning. There’s more malware than ever before.
There’s nothing new there but it wouldn’t hurt to read Walt Mossberg’s article, How to Avoid Cons That Can Lead to Identity Theft, or to watch the video version.
As indicated in the previous post, creating and marketing malware is becoming an organized industry. InfoWorld reports on the growing problem:
The latest iteration of Symantec’s Internet Security Threat Report — covering its research over the final six months of calendar 2007 and released on Tuesday at the ongoing RSA Conference 2008 in San Francisco — finds that malware authors and the ecosystem of constituencies supporting cyber-crime are advancing the sophistication of their efforts at a staggeringly expeditious pace.
From the groups of exploit developers marketing malware toolkits to aspiring attackers to the people buying and selling stolen credentials, the entire landscape of electronic crime is taking off and increasingly resembles the security software community that is working to thwart it, Symantec researchers said.
Symantec says that there is now more malicious code being created worldwide than there is legitimate software.
When I first saw this article at Ars Technica, I wondered if it was a hoax. It’s not April 1 so maybe it’s legitimate. It begins:
Selling botnets for particular attacks, black markets for stolen identities, and malware construction kits are all now par for the course for the increasingly commercial malware industry. Discovering that malware authors have actually turned to End-User License Agreements (EULAs) in an attempt to protect their own intellectual property, however, most definitely qualifies as something new, different, and beautifully ironic.
More about this irony is at Symantec.
The large scale infection of Internet servers mentioned Friday has been attributed by Panda Security to flaws in Microsoft server software. The Washington Post reported:
Hundreds of thousands of Web sites - including several at the United Nations and in the U.K. government — have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors’ machines.
The attackers appear to be breaking into the sites with the help of a security vulnerability in Microsoft’s Internet Information Services (IIS) Web servers. In an alert issued last week, Microsoft said it was investigating reports of an unpatched flaw in IIS servers, but at the time it noted that it wasn’t aware of anyone trying to exploit that particular weakness.
Microsoft has denied that its software is at fault. According to Computerworld:
Microsoft Corp. late Friday denied that vulnerabilities in its Web and SQL Server software had been exploited to hack hundreds of thousands of Internet pages.
Normally legitimate sites continue to be hijacked and infected with malware. It’s all part of a growing problem with JavaScript. Gregg Keizer reports at Computerworld:
Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked and are serving up malware, a security researcher said today as massive JavaScript attacks last detected in March resume.
It’s getting to the point where I am putting up with the inconvenience of disabling JavaScript (and it is inconvenient). Fortunately, the extension “No Script” for the Firefox browser allows for control over individual sites. Still, you don’t know who to trust anymore.
More details are at Websense.
Many home PC owners use the free anti-virus program AVG from Grisoft. A new version is now available. Among other things, the interface is improved. The software has also been extended to include anti-spyware. The new version is AVG 8.0 and can be downloaded here.
Addendum: I should point out that installing AVG 8.0 does not remove older versions of AVG. Uninstall any older versions of AVG (or any other anti-virus program) before installing AVG 8.0.