Why Malicious Programs Spread So Quickly?

It seems that nowadays cybercriminals prefer cash to fun. That is why malicious programs of various kinds (viruses, worms, Trojan horses, etc.) are very often aimed at stealing valuable -- in a direct sense of this word -- private and financial information. When written, these programs are spread all over the Web.

What do means of their distribution have in common? Thinking a bit about it will help us ordinary Web users realize how to behave online and what to avoid.

Let's use logic and good old common sense. What do you think are the most suitable (for a criminal)means to spread malicious code? The answer is almost obvious. It is something which, first,ensures his anonymity and, second, offers victims (i.e. us) very little or no protection against malware. Last, but not least -- this means should be very cheap or, even better, free.

(I'll confine myself to mentioning only those means which endanger EVERY Internet user. Not everyone exchanges files or downloads music and freeware. But is there anybody who doesn't send and recieve email or visit websites?)

Well, if you were a cybercriminal who wanted to spread a malicious program quickly and as widely as possible, how would you distribute it?

What first comes to mind? First, sending contaminated emails through spam. It is possible (and not too difficult for, say, a programmer) to enclose virtually anything into the attachment. With more effort, a programmer can create a message without any attachments that will infect a PC anyway.

Though many email service providers offer basic anti-virus protection, they aren't obliged to do it. How effective this protection is -- that's another question.

Besides, spam is very cheap to distribute. Of course, spammers of all stripes don't use their own machines. Why should they? They prefer PCs which became remotely controlled after being infected with a special program. Cybercriminals build huge networks of such machines and hire them out to spammers. Using "bots" (they are also called "zombies" or "slave computers") gives a spammer so valued anonymity -- spam messages come to frustrated PC users from IP addresses registered somewhere on the other side of the globe.

What about other possibilities? Websites. Malicious websites are very dangerous.Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for stealing information.

Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) -- so the information is captured even if the user doesn't type anything, just opens the views the file.

Blogs can be contaminated with malware, too. In April experts from Websense Security Labs warned users that they discovered hundreds of these "toxic" (contaminated with malcode) blogs set by hackers. Blogs are suitable for them: there are large amounts of free storage space, no identity authentication is required to post, and there is no scan of posted files for viruses, worms, or spyware in most blog hosting services.

Three months passed, and here is the quote from a new Websense report released this Monday, July, 25th : "hackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code?" This July Websense detected that these sites are used for this purpose much more often. The company's senior director of security and technology research said that "in the first two weeks alone we found more instances than in May and June combined." By all means it's a tendency, and a very disturbing one.

Such sites are free and easy-to-create. With the average lifespan of between two and four days, they are difficult to trace. Free hosting services rarely offer even basic security tools. Short-lived websites,no files scanning for viruses, nothing prevents "authors" form uploading executable files ? isn't such a site an ideal tool for distributing malicious code?

Anonymity of the creator -- no end user protection -- no cost. What else can a cybercriminal wish? That is why there was the outbreak of "toxic blogs" in April - and that's why infested free websites are multiplying so quickly now.

But how to contaminate as many computers as possible? It is the aim of cybercriminals, isn't it? The more traffic, the more programs lands on end users' computers. Hackers attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM).

They are ingenious in finding new ways to make people open an attachment or click on a link to visit a certain website, though people are constantly told not to follow links in spam.

Just some of their dodges -- disguising infected spam emails as CNN news alerts, subject lines with "breaking news" like "Osama bin Laden caught", "Michael Jackson tried to commit suicide". How about celebrities in the nude? Just click! And, one of the latest, an "amateur video" that ostensibly shows London bombing sights.

These (and similar) tricks are usually called social engineering. Online criminals have become good psychologists -- the big bucks which crimes like online bank fraud can bring turned them into earnest students.

However, there is one thing that spoils the mood of those who spread malicious programs.

To hackers' deep regret, people become more aware of the risks they face in the Internet. A study by Pew Internet and American Life Project released on July 6th shows that:

91% (!) of respondents (adult Internet users from the U.S.) changed their behavior online one or way another. 81 % have become more cautious about e-mail attachments 48 % have stopped visiting certain websites which are said to be harboring malicious programs People stop using file-sharing software (25%) and even start using Mozilla, Firefox or other browser instead of Internet Explorer (18%)

Well done! Actually, there is nothing left for us users but to become more conscious of the threats and more cautious in the Web. Every PC user has to care for his information himself, protecting his own computer against numerous data-stealing programs of all sorts.

But don't you think that protection against various malicious programs shouldn't be only end users' private business? It is up to service providers to offer at least basic protection for end users and break this "triad" (Anonymity of the creator -- little or no end user protection -- little or no cost) which enables all this crap to spread so easily.

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various products and services for information security. Software aimed at making identity theft impossible, services like protected email and protected Web hosting are only small part of what this company offers.

Learn more -- visit the company's website http://www.anti-keyloggers.com

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

CNN

'Hero' security guard shot, killed by police
CNN
With a 9-month-old boy and another baby on the way, the 26-year-old security guard Jemel Roberson stopped a gunman at a suburban Chicago bar, but police shot and killed him shortly after. CNN's Ryan Young reports. Source: CNN ...


CNN

Kanye West donates $150000 for security guard killed by officer in suburban Chicago
CNN
"My baby lost his father, his hero" Avontae Boose, the mother of Roberson's son, told CNN affiliate WLS. "Jemel loved his babies so much." Correction: A previous version of this story misstated the city where security guard Jemel Roberson was fatally shot.
Kanye West donates $150000 for security guard killed by officer in ChicagoNewsChannel5.com

all 69 news articles »

WIRED

Security News This Week: Japan's Top Cybersecurity Official Has Never Used a Computer
WIRED
Facebook's transparency report also reveals that between 2014 and 2017, Facebook reports the US government served it with 13 national security letters, the secret subpoenas the FBI issues to companies for data without any judicial oversight, and about ...


NPR

Inside The Business Of School Security To Stop Active Shooters
NPR
School shootings have taken a terrible human toll. They have also been a boon to the business of security technology. Over the summer, Washington Post reporter John Woodrow Cox saw an array of items on display at an expo in Orlando, Fla. He and fellow ...
School shootings have fueled a $2.7 billion school safety industry. What makes kids safer?Washington Post
Despite Heightened Fear Of School Shootings, It's Not A Growing EpidemicNPR

all 43 news articles »

Nashville Honky-Tonks Rethink Security in Wake of Shootings
U.S. News & World Report
"I would have never dreamed even four years ago that I'd be going through an active shooter course that Homeland Security is putting on in Nashville, but I've gone through every course our police department has offered and the things the federal ...

and more »

New York Times

The Latest Trends in Home Security
New York Times
These systems send video footage to electronic encoders at security monitoring centers — either in apartment buildings or off-site locations run by a security firm. The encoders analyze and break down the video into data, and send alerts and responses ...


ABC News

Kanye West seemingly donates $150000 to GoFundMe page for Chicago security guard fatally shot by police
ABC News
A GoFundMe campaign set up for the family of a black security guard who was fatally shot by an Illinois police officer has raised more than double its $150,000 goal, in large part thanks to apparent donations by rapper and Chicago native Kanye West.
Kanye West Donates $150000 to Family of Chicago Security Guard Killed By PoliceE! Online
Jemel Roberson: Family demands police release name of cop who shot black security guardUSA TODAY
Illinois Police Killed a Black Security Guard While Doing His JobACLU (blog)
CBS News -WLS-TV -WAFF -GoFundMe
all 386 news articles »

CNET

Facebook ex-security boss Alex Stamos: Firm blew it, but so did others
CNET
That's the word from the social network's former chief of security, Alex Stamos, who aired his views in a Washington Post opinion piece Saturday, three days after a front-page report in The New York Times threw a nasty light on Facebook and its top execs.

and more »

Gwinnettdailypost.com

Gwinnett Place CID emphasizing increased security during holiday season
Gwinnettdailypost.com
Pulling up next to a car parked behind the Esplanade at Gwinnett Place Shopping Center, Gwinnett Place Community Improvement District Security Patrol Officer Tom Reilly rolled down his window, motioning to the other driver to also lower his window.


Homeland Security Adviser No Stranger to Controversy
Wheeling Intelligencer
CHARLESTON — The latest issue involving the former director of the West Virginia Division of Homeland Security and Emergency Management is among others involving Jimmy Gianato since his appointment 13 years ago. On Nov. 11, lawmakers were ...

Google News

Spyware, What It Is, What It Does, And How To Stop It

Spyware is software that runs on a personal computer without... Read More

Top Five Online Scams

The top five online scams on the Internet hit nearly... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

How to Get Rid of New Sobig.F Virus?

As you know, this time the virus under the name... Read More

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

Pharming - Another New Scam

Pharming is one of the latest online scams and rapidly... Read More

Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code ------------------------------------- I had... Read More

Free Ways to Tackle Threats to Your Computer

Protect Your PCHaving problems with your pc? Do your kids,... Read More

Cyber Crooks Go Phishing

"Phishing," the latest craze among online evil-doers, has nothing to... Read More

How to Protect Yourself from Viruses, Spyware, Adware, and Other Nuisances

Spyware/adware is a new major concern for PC users everywhere.... Read More

The Important Steps To Protect Your Kids on the Internet

Internet is the ocean of knowledge. In this ocean you... Read More

How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer

If you use the internet, you have probably been infected... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

1. Geek Superhero http://www.deprice.com/geeksuperhero.htmGeek Superhero watches your computer for changes,... Read More

Web and Computer Security

Well, if that would have been said to me by... Read More

Phishing - A High Tech Identity Theft With A Low Tech Solution

Have you ever got an email asking you to confirm... Read More

How to Prevent Online Identity Theft

Identity theft rates one of the fastest growing crimes in... Read More

6 Ways To Prevent Identity Theft

These six ways to prevent identity theft offer you valuable... Read More

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More

A Painless Plagiarism Solution

A crowded marketplace can lead to unethical webmasters using underhand... Read More

Ransom Trojan Uses Cryptography for Malicious Purpose

Every day millions of people go online to find information,... Read More

A New Era of Computer Security

Computer security for most can be described in 2 words,... Read More

Identity Theft - Dont Blame The Internet

Identity theft ? also known as ID theft, identity fraud... Read More

Click Here To Defeat Evil

Microsoft routinely releases new security updates, many of which are... Read More

Are You Surfing Safe?

Ok, you've got a computer, and you get online. You... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More