Laser targeting by hackers

Cybereye

By William Jackson

A new batch of reports on malicious code is out, and the news just keeps getting worse. Hackers continue to come up with new and better schemes for getting past our defenses.

Internet security service provider MessageLabs uncovered some interesting trends in its report on online threats for March. Not only did the number of targeted attacks go up, but the attacks are becoming more narrowly targeted.

By a wide margin, the most common of the 249 low-volume, high-value attacks identified by the company consisted of a single e-mail sent to one person. Nearly one quarter of the individuals targeted were in government, and that sector was the most commonly targeted by these attacks, by a two-to-one margin. The electronics, aviation, retail, communications and finance sectors rounded out the top tier of targets.

“The bad guys know which organizations have data worth stealing and are picking them out one by one,” said MessageLabs’ senior anti-virus technologist Alex Shipp.

That does not mean that the more widely broadcast attacks are disappearing. To get their malware past antivirus engines, some hackers are employing what Commtouch Software calls polymorphic distribution patterns. That’s a polysyllabic way of saying that hackers are generating a large number of distinct variants of a worm or virus and releasing them in short, intense bursts. This creates many zero-day exploits, increasing the chances of getting them past defenses before new signatures can be developed.

“During the peak early in the quarter, the Storm/Nuwar malware released over 7,000 variants in a single day,” Commtouch reported.

Instant-messaging and peer-to-peer networks also continue to be attractive vectors for malware. Akonix Systems reported 38 distinct new attacks on IM networks in April, the first monthly increase in the number of new IM attacks this year. Attacks on peer-to-peer networks such as Kazaa and eDonkey were also up, with 36 new attacks identified last month. Because IM and P2P often operate outside an enterprise’s accepted-use policy, these applications can provide undefended rogue connections that can be exploited by attackers.
