The time when the creators of viruses wreaked havoc on millions of computers were just teenage hackers trying to prove their manhood is long gone. Looking back now, that era seems like a “beautiful past“.
You might think this conclusion is absurd and counterintuitive. In reality, the current security landscape is indeed “worlds apart” from those days. Today’s attacks are narrower in scope but highly targeted, penetrating even the most fortified operating systems.
In place of the “rash teenage hackers” of yore, today’s virus attacks are almost always funded by criminal organizations. Their intent is clear: to steal information (both corporate data and personal accounts) for use in sophisticated scams.
Thus, it’s no surprise that the very software designed to secure systems often becomes targets for hackers. Alongside the wave of attacks aimed at Windows operating systems, another rising trend is the targeting of widely installed applications.
From database software and antivirus programs to backup tools and even music players, all vulnerabilities in these programs are fully exploited. Corporate and even national information is at risk of being compromised. “All attacks aim to steal information,” notes the product management director at Symantec.
New Threats
It is dangerous that most users remain complacent, believing they are safe simply because they have installed the latest security patches. You must ensure that, besides the operating system, other installed applications are also kept updated.
Fortunately, an increasing number of programs, such as Adobe Acrobat Reader and Mozilla Firefox, now come with automatic update systems (Note that both AAR and Firefox were attacked in 2005). Because these applications run on various systems, users of Mac OS X or Linux cannot fall into the illusion that hackers won’t target them.
Looking back at the SANS report of the Top 20 Most Critical Security Vulnerabilities of 2005, we see that 9 cases were designed to attack multiple operating systems. File-sharing programs like eDonkey, Kazaa, and BitTorrent are among the most heavily targeted. The main issue here is that all files distributed through these P2P networks could contain viruses that users are unaware of.
The Media’s Guilt
From Windows Media Player and RealPlayer to iTunes and CDs from Sony BMG, most popular music software has security vulnerabilities that allow attackers to automatically install malicious programs, such as keyloggers, to steal passwords and other account information. Therefore, concluding that illegal downloads are unlawful and carry a high risk of lawsuits is still not enough. The security risks present a compelling reason to consider avoiding file-sharing programs.
Another alarming trend is that hackers are increasingly targeting web servers. In the worst-case scenario, they can create fake sites or even seize control of a legitimate site to launch attacks on all visitors, exploiting vulnerabilities in browsers. (Many websites using PHP scripting language have been targeted this year).
Some Calming Pills
It seems that this nightmare named virus is causing you endless headaches and sleepless nights. While waiting for an effective remedy, console yourself with some calming pills.
One takeaway from this is that all hardware and software companies must learn from Microsoft and Apple in providing security mechanisms and automatic updates for their systems. Criminals are exploiting vulnerabilities at an ever-increasing pace, and of course, we can never say, “Hey, wait for me to finish setting up the security system.”
It can be said that the security mindset of both consumers and tech companies is lagging behind by… 6 years. Six years ago, attackers only targeted operating systems, which at that time did not have any enterprise-level automatic updates. Now, attackers have shifted their focus to popular applications, and naturally, none of these applications receive automatic updates either.
Software companies are struggling to build mechanisms for automatic application updates, while users should prioritize their security by manually installing protections first.
Destiny
