How to survive in the cyber jungle

gallery

Like insurance salesmen warning of the next tsunami or plague, the security product vendors delight in telling us about the growing threats to our systems. But that doesn't make the dangers any less real.

Spam has reached an all-time high, phishing attacks are getting ever more cunning and hackers are constantly finding new ways to penetrate our defences and plant malignant code.

Let's take a look at some of the latest warnings.

Keyloggers

According to Kaspersky Lab, the keylogger has become the weapon of choice for hackers both against business and individuals. It has seen a sixfold increase in the number of keyloggers between January 2003 and July 2006, and warns they are very difficult to combat.

Keyloggers can be a small hardware device plugged into a keyboard for instance, or a bit of rogue software that sits deep in the system where it can record every keystroke and report it back to a remote user.

Keyloggers enable the criminal to get a profile of a user's web browsing habits, to pick up password information, and even credit card numbers. And most users would be unaware of anything untoward happening.

In a new paper Kaspersky gives a detailed description of how keyloggers are planted and how damaging they can be in silently draining the inner secrets from a user or organisation.

Once they have found their way on to a user's machine (usually by luring them to an infected website), the software is usually hard to detect. The only way to prevent fraud then is to use one-time passwords, or to display a soft keyboard on screen for the user to press when entering sensitive information.

Far better, though, to prevent the keylogger getting on the system in the first place. That comes back to raising user awareness, and applying tools that can either prevent any program running that is not on a whitelist, or that will spot unusual behaviour.

Man-in-the-middle attack

Several researchers have noticed a new trend in phishing attacks, which traditionally involve email messages asking unsuspecting users to disclose the details of their bank accounts or any other online accounts they may have.

Mikko Hypponen, chief technologist at Finnish security company F-Secure, says the phishers have started using man-in-the-middle attacks to trick not just bank customers but anyone who registers with an e-commerce website.

"Man-in-the-middle attacks are hard to stop. We saw the first of these attacks about 11 months ago, one targeting Paypal, the other targeting a big US bank. Last week we found five separate kits for man-in-the-middle attacks, targeting sites such as Amazon," he says.

Since then, RSA's researchers have also reported finding ready-made kits on the Internet that allow less able hackers to get in on the act and mount their own man-in-the-middle attacks.

Hypponen says the attacks show a high level of cunning to lure even the most cautious user. He gives the example of a recent attack purporting to come from Amazon.

It starts with an email asking you to clarify something about your account at Amazon. "You follow a link and end up on a page that looks just like Amazon," he says. "It asks you for your user name and password, which it sends off to the bad boys just as in traditional scams. But it also uses the user name and password to log into the real Amazon site. It goes to your Amazon profile page and it downloads all the information about you. It then creates a new page which then asks the user to 'confirm' their details.

Email to a friend

Print this page