There's no doubt about it: The Internet is a cool tool, and researchers, programmers, and technology companies are continually coming up with ways to make it even cooler. But, as I've warned before, with the good comes the bad-an army of hackers, crackers, and black hats (take your pick!) is working equally hard to corrupt new Internet toys for their own use. And Fm not talking about petty crime-a number of recent reports suggest that even organized crime syndicates are getting into the business.
Knowledge is definitely power when it comes to combating e-crime, so this month I offer a review of some of the more interestingand damaging-ways hackers are trying to get at your computer, along with some resources to help thwart their efforts.
Plague of the spam zombies
I've talked about zombies in previous instalments of this column. A "zombie" is a computer that's been taken over by an intruder by means of a virus. The owner and user of the computer normally don't even know the computer has been compromised -the only thing they might notice is that the computer is running slower than usual.
Increasingly effective anti-spam measures are making networks of zombie computers, also known as "botnets," very attractive to spammers. These networks have also gained the attention of criminal organizations. According to the UK-based Register Newsletter, an illicit trade in botnets is ongoing.'
In addition to spam, these zombie networks could also be used for launching "denial-ofservice attacks." A recent story in the New York Times gives an inkling of what's possible: It appears that an executive of Orbit Communication Corporation was recently indicted on charges of hiring hackers to set up online attacks against the company's competitors.2 According to the article, these hackers used denial-of-service attacks to disrupt competitors' websites. This same technology could also be used for many other equally nefarious purposes.
As Marcus J. Ranum puts it in an article entitled "I, botnet"3: "Hackers are using [botnets] not just to crash target networks, but to send spam and generate click-throughs to ad-laden porn sites.... Using the bot to download more attack tools and wreak more mayhem, the hacker can comfortably eat into a network even if it's behind a firewall, since most firewalls allow inside-outside connections. [Bots] effectively render your firewall transparent to the bad guys."
"Peeping Tom" worm
The output of webcams (website video cameras) is designed to be viewable over the Internet. Ever wondered what your cat gets up to while you're gone? Want to see the faces of your family and friends as you talk to them over the phone? Set up a webcam. (Well, you'll also need some Internet telephony software to set up an Internet-based telephone call.)
Unfortunately, a number of enterprising intruders might also find your webcam of interest. Rbot-GR is the rather cryptic name of a new worm circulating the Internet that can use your webcam to spy on you. (Again, a worm, similar to a virus, is a malicious program that can "infect" your computer.) If you plug your webcam into a computer infected with this worm, everything you do and say in front of the computer can be seen and recorded by countless others without your knowledge. How creepy is that?
Rbot-GR also steals registration information for games and PayPal passwords from your computer. Fortunately, this rather nasty little program was not widespread at the time I wrote this article.
"Phish"ermen net bumper catch
To "phish" is to send out bogus emails that claim to come from a legitimate business in an attempt to get recipients to reveal personal information. These emails direct recipients to a website where they're asked to enter their user-id and password and update personal information. Thus given access to the individual's financial records, the "phisher" collects the information (credit card numbers, etc.) and either uses it or sells it to someone else.
If you receive an email from a business or financial institution asking you for personal or financial information, delete it. Legitimate businesses know how common these scams are and won't ask you for this kind of information by email. It doesn't matter how genuine the link looks-it could still be a fake that will send you to the wrong web address. To learn how to protect yourself against these kinds of scams, contact your financial institution(s).
Protect yourself
Computer security is a big job, and the best person to handle it is a professional with experience in the field. Unfortunately, the average person doesn't have access to experts, but there are more readily available alternatives out there. In addition to magazines and books on the subject, websites like the following offer in-depth information on computer security:
* www.cert.org:
The Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) is a major source of information on Internet security. Its website provides information on the various security threats to your system, and explains ways to avoid, minimize, and recover from any possible damage.
* www.isaca.org:
If you'd like to learn more about IT governance, control, and assurance, check out this website. The Information Systems Audit and Control Association (ISACA) also offers seminars, conferences, publications, and certifications.
* www.sans.org
The SysAdmin, Audit, Network, Security (SANS) Institute is a cooperative research and educational organization that offers information on security research, certification, and education.
[Author Affiliation]
By Rita Mikusch, Webmaster
Комментариев нет:
Отправить комментарий