THE CONSTANT UPWARD GRAPH OF MALWARE ATTACKS


In the recent spate in high-profile attacks, malware has been the tool of choice for hackers. 2011 seems to be a landmark year hackers with scam attacks, including the politically motivated online attacks on social networking sites like Twitter, Facebook, Android Market. These series of upsurge attacks are alarmingly the fact that nothing, rather no one is secure on internet. The World Wide Web continues to top malware infection wherein emails are a host to malicious attachments and links, while websites come in as a host to a wide variety of exploits and drive-by downloads targeting browsers and applications alike.

For online users, individuals or organizations, malware has always been a significant threat. A rapid rise is being witnessed that is more than capable of compromising, damaging or acquiring sensitive data which can either be personal or could lead to loss of intellectual property in the overall threat landscape. Statistics say that, rather than being hacked by using an exploit; IT users are more likely to be tricked into downloading malware. Hence, there is a continuous challenge in detecting and preventing such threats. Though, not all of these attacks are socially engineered, however, the technique is being used to evade security programs and is being applied to the web that increasingly triples the distribution of malware, of which 55% (Malware) is now delivered via Internet downloads, whereas only 14% is delivered through malicious emails. Which means that as there are more than a handful that don’t understand the complexity of web based threats, from a hacker’s perspective tricking users into installing malware is much preferred.

Also, the inappropriate use of SEO is on the rise. Attackers lure the users to the sites that contain the malware software and expose them to fake Anti-virus downloads, Trojans, worms and fake surveys. In addition to Search Engine Poisoning, the upturn in social networking sites makes them the prime focus of cyber criminals. As the information accessibility and services are interconnect and interdependent of each other, it opens more opportunities for more effective attacks on individuals and organisations.  The emerging Java threats due to Java plug-ins soon will be ruling the malware distribution. Also, URL Shortcut services and Location services contribute greatly in the business of malware distribution. URL Shortcut services will be witnessed.

Apart from creating new malware, Cyber-Criminals are effectively re-modifying the code of known deceased malware. A very good example would be that of the Ramnit Worm which has recently morphed into a financial malware. Moreover, there has also been an enormous increase in malicious programs accounting for at least 25% rise in fresh threats when compared to similar months in 2010. Trojans dominated the line of newly detected threats comprising of at least 70% of all newly created malicious software.

There was a whopping $114 Billion loss due to cyber crime itself cost the world last year. With over 2.9 million users falling as victims to cybercrimes, India alone stood at a loss of $7.6 Billion or Rs 36,200 crore out of which $4 Billion was the total financial loss while $3.6 Billion was the amount spent to resolve reported theft. Of the total amount reported a mere 21% of victims actually reported the crime to the police. Despite the efforts made by security vendors, only 16% had security software installed on their cell phone while 21% had on their PCs. Also, additional $274 billion was lost, based on the value victims placed on time lost due to their cyber crime experiences. More than two thirds of all adults who used the Internet more were victims of cyber crime. While most issues are more than preventable, over 54% of online users have experienced malware followed by 11% in online scams and 10% in phishing scams. In comparison to 2009 and 2010, there has been a decent increase in malware amounting to 19% in 2011.

There key reason for this increase in the cyber attacks is financial profit. Also, there been a whole automation in terms of the creation of malware due to the web attack toolkits that are growing at a rapid rate as the chosen weapon.

On the other hand, the way cyber crime is dealt by people online shown by the overall number of infected users itself signifies a defect. According to studies, in the last one year the overall number of users infected with regard to online cyber crime has tripled in comparison to offline crime. A major flaw is been noticed in the way users perceive online threats. There is a huge gap between awareness and the action that needs to be taken by IT users. Approximately, 80% of PC users are aware of cyber crime as a growing threat, however the necessary precautions are not being taken against it. At times, either the Security is outdated or the implementation of the necessary updates to protect users from complex threats id not up to the mark.

With respect to enterprises, cyber crime is increasing at an alarming rate with over $30 Billion being invested annually on corporate defences and cyber criminals are invariably being able to evade these conventional defences. In fact, even the most security conscious industries are vulnerable to online attacks such as HBGary, Epsilon, RSA and DigiNotar, Comodo– to name a few.

BEWARE! You are spied while banking on internet!


Technology has advanced to such an extent that we now trust our computers in money matters. Coincidently, more than we may trust humans!

It is observed that major internet savvy users have stopped going to bank. Right from filling the forms and online applications to transferring the cash and all the other banking formalities we have started using internet. Let me not talk about the pros of the same. We all are aware of them. However, the overshadowed cons due to favourable pros of this facility need to be brought under notice.

One of the biggest security concerns when using internet banking facility is Keyloggers. In simple words these especially creative people tracking the keys struck on a keyboard from remote, while someone is banking on internet. We might have heard people saying that they have lost money from their account or there are some unknown transactions showing on their bank accounts using their internet banking accounts. This means that their account is being hacked!

Now, a question might arise that how is this possible? This is done secretly so that the person using the keyboard is not aware that his/her actions are being spied on. Key logging can be done from hardware and software-based approaches to electromagnetic as well as acoustic analysis. With is they are able to trace the username, password of the online banking accounts. And can take advantage of that information. It is easily possible by writing simple software applications for key logging. Later, these programs can easily be distributed as a Trojan horse or as part of a virus in the network. To whom-so-ever this virus stuck, is a victim!

Here, something which is not simple for the Keylogger is to install a hidden keystroke logger without being caught and to download the data that has been logged without being traced. Usually these Keyloggers manually connect to a host machine to download logged keystrokes risks being traced. There is always a risk of sending a Trojan to a fixed e-mail address or IP address because it may expose the key logger’s identity. One of the other ways that keyloggers try is by unconditionally writing the crypto Trojan to the last few unused sectors of every writable disk that is inserted into the machine that remain marked as unused, using a USB token. And only the Trojan writer can decrypt the cipher text because only he knows the needed private decryption key.

Hence, we need an alternative to the conventional computer. In year 2008, IBM engineers invented virtual keyboard also known as laser keyboard. Its primary use is when you need to type without a physical keyboard present. It is also used as an additional safety measure from viruses, Trojan and  that might be present in the computer that logs every keystroke from the keyboard waiting for you to type in your password or credit card number. Virtual Keyboards are the best for internet banking. This online application protects your password from malicious Spyware and Trojan Programs.

Presently, there are several programs available in the market today that can be added to any desktop or laptop system to create a virtual keyboard environment. Also, it can be downloaded from internet. Once installed on your computer, it is easy to access. Some times the original keyboard (hardware) is used to active the virtual component and using mouse virtual keys can be typed. Couple of more alternative devices such as head mouse and eye mouse can also be used. Laser technology can also be used to operate the virtual keyboard.

Apart from Virtual keyboard, the other ways to have a safe banking experience online is by using Anti- Keylogger softwares, Live CD/USB, Anti-Spyware, Anti-Virus programs, Network monitors, Automatic form filler programs, One-time passwords (OTP), Security tokens, On-screen keyboards, Keystroke interference software, Speech recognition, Handwriting recognition and mouse gestures, Macro expanders/recorders and so on!

Well, the fact is that effectiveness of countermeasures varies as keyloggers use various techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. Also, there are always possibilities of the Keylogger software authors updating the code to adapt to countermeasures that may have proven to be effective against them. With the increasing advanced innovations, there are more advanced versions of thefts invented…. Or Visa Versa!

The bottom line is BEWARE!

Hollywood… Forget about Bodyguards… Do you have Anti-Virus?


Celebrities are no stranger to encroachments… privacy has always been a serious issue for them… right from media to the over zealous fans to their jealous competitor costars… all seek unfettered access to their favorite stars. However,Hollywoodnow faces a new, freakish threat to their privacy!

 

After creating havoc in the top level corporations and governments, the known hacker group Anonymous is diverting its attention away towards the Hollywood’s elite. And for this they have honored themselves with a new title – HOLLYWOODLEAKS… thus has declared war on the entertainment industry!

 

Since past few days, Hollywood Leaks has been successfully accessing the private records of celebrities. They are simply facilitating the free flow of information what they find and interestingly, have no qualms about sharing it. They got access and distributed some of the precious data like the confidential script for the new Tom Cruise movie, ‘Rock of Ages’ and phone numbers of celebrities – Ashley Greene, Joey Fatone, Miley Cyrus, Lil Jon, and Mark Cuban. They even leaked Julianne Hough, the singer’s health insurance information, her cell phone number as well as her cell-phone pictures, including pictures of her with boyfriend Ryan Seacrest and even her unreleased album.

 

Eventually, they are also responsible in leaking topless pictures of VMA nominated rapper Kreayshawn and shared them with her some 300,000 odd Twitter followers. Toby Barrett’s twitter account was hacked. And recently, they hacked Gerald Butler’s e-mail address of his Gmail account along with email addresses of rappers Waka Flocka and Lloyd Banks.

 

Just like Anonymous or LulzSec, Hollywood Leaks revealed that they are in it for the Lulz – that is just for the felonious amusement atHollywood’s expense!

The group posted message to YouTube recently – “Attention Hollywood. We are Anonymous. We have been watching you. We have been listening to you. You have been allowed to run free too long. The time of Jew control media is over.” Later, the group tweeted “LOL at people calling us Anti-Semites. It’s for the LULZ.  Get over it.”

 

The hacker group has revealed that its intent is to target celebrities in Film, Television, and Music. And as we see, few top celebrities have already been targeted. The main purpose of these hack attacks seems that the hackers are looking for dirt, such as nude photos, embarrassing e-mails or memos, scripts under wraps, etc. In general, Hollywood Leaks wants to leave a trail of showbiz carnage in its wake.

 

Though it’s not the most devastating list of achievements of the group so far, however, their ominous sign-off:  “We do not forgive. We do not forget. Expect us.” … scares me a bit! I just wonder what next… rather whose next!

 

I am pretty sure thatHollywoodspin machine might be scared by now due to the Hollywood Leak’s operation and have got an idea of the hack group’s potential to wreak havoc on the industry! And it looks like they’ll continue to shake up the industry.

 

According to security experts, Hollywood Leaks have broken into these celebrities accounts may be simply by guessing some bad security questions. So dear allHollywoodmembers… stop only thinking about your physical security… Think about securing yourselves online…. A bodyguard for you online… A good Anti-Virus!

Loving Internet, Thanks for saving us! – From Trees


I very well know that with the rising altitude in global warming in the recent times and how is Internet connected with global warming. I agree that using the internet uses energy, depleting fossil fuels, and so on. However, have we every thought about what has happened ever since the invention of Internet and the way it has become accessible to nearly everyone on the planet? I guess not….

We must have shared this point of view of our many a times that information sharing has become much faster and accessible than ever before with internet. However, we never stretched our thought a little thinking that prior to internet; we had to be more attentive and aware about the news, happening in the every corner of the world or research at a library to know about anything. However, now all this information is at our fingertips. We don’t need to store the piles of cuttings of the newspapers about the article we thought may be useful to us in future. With websites of almost every news channel and newspaper, usage of paper has drastically reduced.

Have we ever thought that now the transactions have become much more and accurate even while using less paper?  Well, ever since the invention of computer, the usage of papers has reduced a lot. Now, we are more comfortable saving our documents and pictures on computer folders rather than in piles of files. And now with almost every bank offering online transactions with secure processes, purchases on online stores and many such virtual activities… the constant need for paper supply has really come down.

How many of us have been offered discount from our mobile network service companies for using e-bills? Go ahead and switch to e-bills… they save lot of paper and also less hassle for you that you face trying to keep your paper bills files and secured.

I really appreciate online education. Virtual books, internet as a vast online encyclopedia, no paperwork at all, and even online submissions… wow…

Apart from this, when we say that internet gives us a way to be connected to like-minded individuals across the globe. Have we ever thought that earlier, one could only have few friends though now we can be connected to just about anyone across the globe. And with this if we analyze, Anna Hazare’s recent Anti-Corruption movement would not have been successful! Online activities and constant support through email campaigns as well as social networking sites contributed majorly in bringing the wholeIndiatogether. In fact, social networks have helped campaigns reach more ears—and eyes—than ever before. Without internet, just sit and think how it could have been possible and how long it could have taken to achieve the success in the campaign!

We save a lot on paper and mailing by sending emails. We can now telecommute instead of actually driving to work… have meetings via teleconference instead of flying to another city…

Practically speaking except getting motivated on June 5th every year how many of us really take initiative to plant trees. Well, though we do really contribute somewhere a lot in saving them… right!

Internet has long promised a more efficient and greener world…. It seems to be keeping its promise!

I wonder if trees could speak the language we could understand! I am sure the one whom they would thank the most would be internet!

IF JUNK… JUST BUNK…


Many a times we have received an e-mail that says something like: “Forward this e-mail on to 10 people and receive good luck for a month!” Or “If you forward this to 10 people, you’ll see something funny on your screen after you send it or forward this on to ’10’ of your friends” or “sign this petition” or “Forward this mail to 10 people or you’ll get bad luck,” or ” Forward this mail to 10 people and you’ll get good luck,” or “you’ll see something funny on your screen after you send it” or the very famous ‘Microsoft Email Lottery’!

I am sure almost 99% of the “Please forward this to everyone” emails we get almost regularly contain at least some misinformation. Rather sometimes, the entire email is completely a hoax. Even the one trying to warn us of some great peril are usually worthless, like HIV infected needles in coin return slots, gang member initiation rituals, kidnap attempts in parking lots, or simple procedures that will save someone in an emergency medical situation, at times are outrightly dangerous (if they contain virus).

Also, the e-mails that ask you to add your name and forward on to others are similar to the mass letter. Many of us must have also received emails that say that “you can do your friends and family members a great favor by sending this information to them. You will be providing a service to your friends.”

I have also received many of the emails that try to play with our conscience by saying that “send this e-mail to 10 people… if you’re not ashamed of God/Jesus” or also the e-mails that talk about a missing child or a child with an incurable disease, “how would you feel if that was your child”…

I know these mails are received by many of us quite occasionally. My question is that how many of us respond to such mails as instructed? And what happens when we do so?

If I am not mistaken, the answer is NOTHING ACTUALLY HAPPENS! True… we neither win any lottery… nor do something good or bad happen with us! So what is the purpose of these chain mails? When no one gets anything out of it… why do these mails… sorry chain mails keep knocking our inboxes?

Well, as it is said that in today’s world nothing happens without a reason… same applies for internet world!

These chain mails have tracker programs attached to its e-mails that track the cookies and e-mails of those whom you forward them to. It is one of the ways to get names and cookie tracking information for telemarketers and spammers. This activity helps them to validate the active e-mail accounts for their own profitable purposes. It so works like this that every time the mail is forwarded, the host sender gets a copy and then he is able to get lists of ‘active’ e-mail addresses to use in spam e-mails or sell to other spammers. In some cases, such mails also waste bandwidth and clog ISP’s mail servers.

Yes… it’s true…! The fact is that these spammers really don’t care about how they get our e-mail addresses as long as they get them.

Well, all I would say is that do a favor for yourself by stop adding your names to such types of listing… no matter how real they might sound, making you feel guilty that if you don’t…. just ignore them and do not participate!

In case we follow the instructions thinking that somehow, somewhere we are supporting a great cause, actually we are not! Just remember that such mails are all about getting e-mail addresses and nothing more! Rather we are inviting tons of junk mail in our inbox that may bring lots of deadly viruses to your computer! As apart from such emails firing up a program that can track where an email has gone and report back to a marketer, they can launch a program that installs itself on your computer to do all kinds of nasty things like, pop-up ads, using your computer to send out spam, or keyboard watchers, etc.

When someone sends one of such mails to us and 20 other people, our email address with such activity gets on the machines of 20 people. If 5 of them forward to 20 more people then our email address is now on about 100 different computers. The reason is that by default, most email programs include the entire list of people the original was sent to when it creates the forwarded copy. And if this activity is repeated a few more times, congratulations as without you doing anything, your email address is on thousands of computers!

Apart from ignoring such emails, the other best way to save you is to have an updated Anti-Virus. Never open an email attachment that you were not expecting. If an email comes through with an attachment, always check with the sender before opening, even if it’s someone you trust. The best idea is to just click the button marked Delete. Don’t click the Spam button as this will add the senders e-mail address to the spam list, and other genuine e-mails the person sends you could also get treated as spam. Also, the sender’s e-mail could get added to the companies black list, which may result in most of their e-mails also being treated as spam to other people they are e-mailing as well. This might not just affect us but others too!

So, conclusion is that by forwarding e-mails just can’t bring us luck or bad luck… if we don’t forward! And, above all the pain and suffering we go through; we are actually helping those spammers to get rich! Let’s not make it easy for them!

So if you are still someone who continues to forward the chain e-mails expecting any luck or due to the fear of bad luck, I urge you to stop this practice… If any junk mail in your inbox… just bunk it!

Previous Older Entries

%d bloggers like this: