⌊ K™¦krizzna.web.id ⌉
Sekedar coretan seorang nyubi
Computer Hacking & Virus / Malware
Computer Hacking & Virus / Malware
When a fortune-teller stares into her crystal ball she claims to see through to the misty future and offers guidance to those willing to hand over the required fee. However, she might be stumped when faced with questions about the state of tomorrow’s computer viruses, or whether or not there will be a global outbreak of cyber warfare. She ought not to be because, although the internet threat landscape is continually evolving, there are some basic principles that help us predict what’s coming next.
Perhaps surprisingly, these hold the human condition at their core. A 21st century Mystic Meg should have no problems foretelling the digital future and we’ll explain how you too can look into the future at internet threats. Anti Virus Companies like Symantec, GRISOFT etc have researchers that investigate current threats and new technologies with a view to discovering what the next big security problems are going to be, and they don’t use crystal balls.
ITS ALL ABOUT THE MONEY, In the old days the original computer viruses were born of pride or misplaced curiosity. Anonymous individuals wrote computer code to show how clever they were, viewing security software as a challenge. If they could beat anti-virus programs produced by big names such as Symantec, McAfee etc then they would have outsmarted the experts. In some cases their motivation was increased as anti-virus (AV) programs improved over time.
Today things have moved up a few gears and every reputable security company acknowledges that money is the motivation behind the vast majority of online threats. Viruses, compromised websites hosting malicious exploits, fraudulent emails and phishing websites have all been designed to steal or generate money.
As we ponder the future of malware and other threats, we need to look at the matter in the context of criminal endeavour, rather than seeing online threats as a result of vandalism and other types of low-level dysfunctional behaviour.
Over the years it has became clear that a new underground economy has evolved in which our personal details are traded for cash on the internet. This situation not only continues today, but the illegal information gathering and trading systems have grown even more sophisticated. Criminal organisations provide services to others much like legitimate business. They sell hacking tools in a web-based arms market and operate escrow systems to ensure that the thieves don’t rip each other off. Much of the criminal activity is based around malware, which forms the front line in the criminals’ activity.
Some people create malware, others sell it, while underground services offer to check the latest viruses to ensure that they aren’t detected by the software produced by anti-virus companies. It’s a sophisticated arrangement, both in terms of business and technology. AV companies, spend a lot of time monitoring and interacting with criminals as they go about their online business. They have something like an underground version of VirusTotal ( a website that scans URL’s for bugs ), to check that their malware can avoid detection, as well as services to monitor botnets. Botnets are potentially vast networks of compromised computers – PCs owned by regular internet users. They are part of the cybercriminal’s IT infrastructure and are the equivalent of a traditional gangsters Muscle. Botnets provide masses of computing power as well as the ability to bring down the websites and internet connections of large companies. They can be used to send out billions of spam emails, infect websites on masse and even host transient infected websites that come and go, making them very hard to take down.
In the worst cases (for the individual visitor), it might try to load malware on to their computer. Once malware is loaded on a system, the computer can be used as a tool to spy on its user. This means that usernames, passwords, bank account details and other sensitive data can be siphoned off and sent to the attacker.
Although you might think that this is the end of the story, the criminals who install the malware may not have a direct use for your data. I have read Symantec’s latest internet threat report. In it the company discloses that criminals compile lists of credit card numbers and bank details, which they sell off in huge lists. However, the availability of cards has dropped since last year, while demand remains high. This has increased the cost of buying the information. The report also notes a disturbing new development whereby criminals are trading ‘dump tracks’ – the whole information found in the magnetic stripe on a credit card. This data can not only be sold for a higher price than basic information, but it’s also more usable as it can be used to create a physical replica of the card. Criminals are now advertising personal services and, in a perverse version of online business networking, researchers have found recommendations for people involved in money laundering and even for ‘mules’. According to Symantec: “Mules are unsuspecting members of the public who have been duped into accepting funds into their accounts, or accepting stolen goods.
Like any other commodity, these people are traded on net forums by cybercriminals.” At some stage a criminal will end up using these details to commit a fraudulent act, but it’s likely that the data will pass through a number of hands first. lf and when your personal data is stolen online, it will often be passed from criminal to criminal before being used. Once in possession of a card, criminals may try to use it to buy goods. Alternatively, a criminal may leverage the services of a ‘cash-out’ criminal. These people may charge nothing for their services — that is the service of emptying your bank account- but take a commission on the transaction instead. The online criminals have a large number of potential targets to consider. Although their primary objective is to make money, there are a number of ways to do so, some of which are more subtle than others. criminals put a value on personal details for the purposes of ID theft, selling the data to ID thieves and even pilfering online games login details for financial gain.
WHO ARE THE TOMORROWS VICTIMS? Tomorrow’s victims will be the same as today’s. The only difference is that the criminals need to stay ahead of the game in order to compete with each other and remain profitable. Criminals will always go for the easiest targets first, looking for low-risk, high-return opportunities. This means creating a widespread threat that has the potential to affect millions of people. The hackers aren’t going to single out an individual, but instead hope to catch as many random people as possible, collect their data and use or sell it for financial gain.
These regular people will likely have bank accounts and credit cards that can be stolen. Gamers often have online accounts that carry a high value — there has been a thriving market in hijacking or emptying games accounts for years. Criminals might also try a targeted approach, where a specific (very rich) individual, company or group of people are faced with a highly convincing, customised attack.
In the past, criminals have sent infected CDs and USB keys to workers at banks and other large organisations. Hardware keyloggers can then be used to record usernames and passwords. There have been fears that last year’s attack on the recruitment website Monster furnished criminals with lots of personal information that allowed them to target people with powerful employment roles, such as CEOs of global companies. Targeted attacks can also use information gleaned from social-networking sites – a technology that has only become very popular in the last few years. Businesses themselves are another big target, although the scale of the problem is hard to assess. We only see the tip of the iceberg, There are probably documents containing zero-day exploits being sent around and so on, but companies won’t go public when they’re attacked.
Social engineering has repeatedly proven to be a useful technique for fooling people into taking unwise actions. The criminals trick victims into visiting fake or infected websites, downloading and installing harmful software and even responding to near-blatant attempts at fraud. This last con trick involves sending emails requesting your help in some matter, with the promise of delivering millions of dollars for no work at all.
Security companies claim that infected websites constitute the largest single threat at the moment, The general assumption is that these are legitimate websites that have been infected without their owners’ knowledge. The sites are hacked and a small piece of infected code, or a special type of (iframe) link to another infected site, is inserted. When a computer loads the web page, it becomes infected.
There is also a view that sites being operated by less moral individuals may host malware on purpose. Porn websites are hosted by those with a flexible ethical framework, They are more likely than some to host malicious iframes in order to gain a few dollars per installation of malware.
Viruses and infected websites that attack consumer electronics as well as computers are likely to be a feature of future cyber attacks. Currently computers are the main target for online criminals. The PC and, to a much lesser degree, the Mac are both attacked because lots of people use them for online banking and other tasks that involve handling valuable information.
Tomorrow’s targets will be the devices that people use for similar activities. This means that the PC is going to stay at the top of the hacker’s hit list for a long time to come. If a certain type of mobile phone became a popular way to access online banking, then you can
Tags: computer, Hacking, Malware, Virus
Recent Comments