In January of this year, a 20-year-old teenager was charged with hacking into U.S. government computers and using them for fraudulent activities.
 |
| Source: Techcentral |
Jeanson James Ancheta implanted Trojan software into the computer systems of the China Lake Naval Center in the Mojave Desert of California, gaining control over computers across the network. He used this “VIP botnet” to generate hits for advertisements on websites, leisurely collecting payment from advertisers.
Does it sound harmless and trivial? You wouldn’t think so if you knew that this operation helped Ancheta pocket a whopping $60,000 before being caught.
Moreover, investigators uncovered that Ancheta was controlling over 400,000 computers worldwide. These zombie computers obediently followed his every remote command, from generating hits for advertisement banners to spreading spam and sending malware to other vulnerable systems.
In essence, Ancheta exemplifies a new type of cybercrime driven by a strong motive for monetary gain. The spyware or Trojans they implant into users’ computers, once installed, operate tirelessly and diligently like loyal slaves, serving their master from afar.
Users are rarely aware that their computers have been compromised. The systems continue to function normally, albeit sometimes a bit sluggishly. And of course, they remain oblivious to the secret tasks their computers are performing.
A New Blight
Botnets are becoming a new festering sore in the realm of Internet security. According to statistics from security firm CipherTrust, more than 180,000 computers are turned into zombies every day, and this number shows no signs of stopping.
 |
Source: Infotech |
Hackers can use botnets to deceive online advertisers (as in Ancheta’s case), or they can rent them out hourly to distribute spam in bulk. Many even rent botnets to conduct denial-of-service attacks against rival websites.
It is evident that these activities are becoming increasingly professionalized, following a closed-loop process of “pay for play”. This is gradually replacing the behavior of amateur hackers from earlier times, who viewed hacking as merely a hobby.
“Major virus outbreaks like Sasser and Blaster are becoming less frequent. Many think the situation is improving, while in reality, it is getting worse,” said Mikko Hypponen, chief research officer at F-Secure. “Attacks are becoming more focused and targeted, so users are less aware. But the damage is enormous.”
In Hypponen’s view, botnets are a headache that is not easily solved, as most zombie computers are home PCs connected to the internet. “It takes a lot of time and effort to explain these concepts to an average user, as well as how to ‘liberate’ their computer. Therefore, most ISPs just turn a blind eye.”
A New Front in Phishing
Most analysts predict that phishing attacks will escalate at a rocket pace, both in volume and sophistication.
 |
| Source: Techcentral |
David Sancho, a virus expert at Trend Micro, demonstrated this with a recent attack in Germany. The attacker disguised as a utility company sent emails to victims, requesting them to check their bills by clicking on an attached PDF file. In this case, the attachment had the .pdf.exe extension and implanted a Trojan into the recipient’s computer.
“Once activated, it will silently monitor every Internet connection, every website visit, and your passwords and usernames, then report back to the ‘master’. This method is quite clever, as hackers do not need to set up a fake server.”
Hypponen also predicts that phishers will soon find ways to bypass one-time passwords that many banks are using as a security barrier. “The recipient is tricked into logging into a fake bank, where they are asked to provide a verification code. The fake bank will access the real bank using this password and drain the funds. Then it will return to the user, claiming there was an error and asking for another verification code.”
Finding “Chickens” to “Herd”
 |
Source: Infotech |
The biggest challenge for phishers is finding “chickens” to “herd,” as more and more users become aware of this type of attack. Their solution is to target smaller victims and use languages other than English, such as Greek, Czech, and Finnish.
While Windows computers remain the primary target, brace for phishing attacks aimed at mobile phones. F-Secure reported discovering 179 mobile viruses and estimates that tens of thousands of phones have been “infected”.
Nokia has responded to this warning by releasing models with integrated antivirus software while tightening security for Symbian version 9 models.
However, F-Secure has also documented the first malicious Java software written specifically for mobile phones, meaning all models, not just high-end ones, are at risk. In March, Hypponen discovered a mobile Trojan that specifically called a number in Russia, generating 5 euros for the distributor each time.
Thiên Ý
