What threats may come

2006-02-01

Tomer Honen

Aladdin Knowledge Systems, Israel
Editor: Helen Martin

Abstract

'A serious threat in 2006 will be multi-stage, targeted phishing attacks.' Tomer Honen, Aladdin Knowledge Systems.


It is said that money makes the world go round – well it certainly drives the malware community. Over the last year, we've seen a sharp increase in the number of backdoor attacks employed by various in-the-wild threats. Taking over computers is apparently quite a profitable endeavour, and there are many buyers for the scores of backdoor-infected PCs out there. It is safe to say that 2006 will be just as malware-filled as 2005 was, and probably even worse.

Mobile phone threats will make a few headlines this year as the number of smartphone users grows. We are likely to see new mobile phone threats, which may be able to spread to other platforms and infect them. Since the communication channels employed by mobile phones are often insecure, it will be easy to use these devices to implant remotely controlled Trojans in a corporate environment. In this way, hackers won’t even need to make the initial contact with the infected PC; all they need to do is infect a mobile device and let the PCs come to them.

More disturbing than common spyware or worms are invisible targeted spyware and Trojans. Last year we witnessed several Trojan-related incidents that made headlines around the world – from corporate attacks in Israel and the UK, to major credit card information theft in the US. A Trojan operator needs access to a compromised system for just hours or even minutes to steal vital information. Since most attacks are unique, it is rare to see more than a handful of copies of each individual Trojan and traditional signature-based solutions are usually unable to block these threats. We are likely to witness more incidents of this nature in 2006. Or rather, we'll be lucky if we can spot them before they get to us, carry out their payload and disappear.

A serious threat in 2006 will be multi-stage, targeted phishing attacks. According to the Anti-Phishing Working Group (http://antiphishing.org/), thousands of phishing attacks are reported every month, but the attack methods are changing. Instead of luring victims to spoofed websites where they are fooled into entering confidential information such as their passwords, financial details etc., the latest trend is to use password-stealing malicious code in the phishing websites themselves. Even if the user does not enter the confidential information, they may be infected by malicious code that will extract it forcefully.

The number of malicious code phishing sites more than quadrupled in 2005, to over 1,000 reported sites. Money-driven attackers will exploit this obvious Achilles' heel by employing multi-stage targeted phishing attacks:

  • Certain users will receive an email intended specifically for them. This will display content that is of interest to the recipient, trying to get them to click on a link to a site.

  • The website will contain malicious code that drops and executes a backdoor Trojan on the victim's system with little or no user interaction. And voilà! Somewhere in the world a hacker obtains a new remote controlled system. This turns phishing attacks into a serious corporate threat.

Many content security solutions scan malicious content received by mail but neglect to analyse content downloaded from the web. By neglecting to inspect web traffic, users become exposed. Also, many users do not realize that email messages can execute content downloaded from the web as the message is viewed.

According to Gartner, 'Through 2010, each new technology transition point will result in 30 per cent more newly opened attack paths than old paths that are closed.' In layman's terms this means that the more advanced we become, the bigger the threat. It is a grim prediction, and there's little that can be done to make the world behind our firewall, anti-virus, anti-spyware and anti-spam products more hospitable. However, with the right protection, some of us should hopefully have a relatively quiet year.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.