Again, hacking is a for-profit business. It's no longer simply an attack against Microsoft or a disgruntled employee coding a 'surprise' for his IT folks at his former company. The new breed of hacker is funded or cajoled by organized entities. The code this new hacker writes is code that exposes personal information or executes commands on zombie networks containing hundreds or thousands of machines. These zombie networks can be used to attack sites with distributed denial-of-service (DDoS), attempt to create more nodes for the zombie network to use, expose personal data or attack systems in ways we've not seen yet.
Malware can distribute itself in other ways (not just through attacks). Freeware, adware and spyware can download unwanted components that can potentially harm or control your system. And then there's spam, which can also carry malware.
Defend yourselves:
- Avoid untrusted sites and downloads.
- Don't open email attachments from unknown sources.
- Patch your systems.
Some news hits:
CIO: “Malware up 48 percent over last year”.
Nearly 11,000 new malware programs were identified in the first half of 2005 -- up 48 percent from 2004. Most of the increase is due to variants. Mozilla-based browsers had more vulnerabilities than Internet Explorer in 2005. Per http://www.secunia.com, Firefox had 20 vulnerabilities vs. IE’s 12, and Firefox had more critical vulnerabilities that allowed complete system compromise. This, of course, doesn’t mean that Firefox is more risky; it’s newer and is expected to have more bugs initially, but it does mean that open source browsers aren’t a defensive panacea. Can anyone code a secure, usable browser that substantially withstands the hacker threat that accompanies larger market shares? It would be interesting to see how Opera would handle increased scrutiny if it gained a larger market share.
CIO: “FTC Asks Court to Shut Spyware Site” (more on this: “FTC Asking Court to Shut Spyware Site”)
eWeek: “Phishers zero in on banking”
In recent months, companies that monitor phishing attacks have noticed an increase in malicious programs that record computer screen activity. The rise in so-called screen scraping may be an attempt to counter new electronic banking programs that use a combination of mouse clicks and keyed entries to give customers access to their online accounts.