Electronic Threats 2008

The evolution of events in 2007, in which the ‘Spamthru’ trojan developed into the ‘Storm Worm’, leaves the threat landscape with a lasting issue for 2008. The great ‘success’ of Fast Flux and bullet-proof hosting has enabled the malware to keep a large install base across the globe, and that resilience lets the controllers continue delivering ‘services’ from the bots. The capacity of this network is well beyond the use currently observed by the security vendors working to protect their customers and reduce the threat landscape: the bots have a theoretical spamming capacity almost 10 times their current activity. It is not just the volume of traffic that differs from the past; the traffic profile has also changed from that of previous bots and spam engines. The profile that can now be measured is one of narrow spikes of activity, timed to reduce the chance that an electronic fingerprint (a signature) is created for the spam message and its associated malware before the run is over. Where this is achieved, the spam is more likely to be delivered. The fine tuning of this has been observed over the past 12 months, and the window for an attack can be as short as 11 minutes.

The history of these botnets, and of the earlier mechanisms for spam and malware distribution, has been one of untargeted or ‘carpet’ spamming. The growing trend for 2008 is targeted distribution based on aggregating information relevant to individuals, or to positions within organisations, and to the business they are in. These attacks are becoming very sophisticated, and individuals are unwittingly assisting the criminals by publishing ever greater volumes of information about themselves directly onto the web. The continued growth of, and enthusiasm for, social networking sites, combined with public records, is making the targeting easier and easier. Individuals need to pay much closer attention to how they propagate information about themselves and how it will affect them, both personally and as an employee. Some companies have seen targeted attacks escalate from a couple a week to almost 1,000 within a few hours of a single day. This is a real and growing threat.

So what is being delivered through this increase in sophisticated, targeted, swift and resilient infrastructure?

Well, this is changing too. The number of direct attachments to mail items is falling. A decade of internet email in common use in industry and at home has led (very slowly..) to some awareness of the risks of attachments. Some of this is down to real incidents and some to urban myth, but whichever is the more effective the result can be the same: some degree of thought before opening an attachment (but only a little). The rise (also slow!) in AV products properly deployed and kept up to date, both in the work environment and at home, is beginning to reduce the effectiveness of attachment-based vectors. The growing trend is now malware delivered via URLs within the email message. These are very rarely blocked by AV/AS tools or firewall applications, since the message itself carries nothing for a scanner to inspect, only a link to the payload. This really does require another round of education for people who do not work within IT Sec or InfoSec. So many email messages contain URLs that it is difficult to get the message across; they are almost like background noise, and you could be forgiven for not noticing them at first. But beware: these are a real risk to you…
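The shift from attachments to URLs is exactly what a mail-gateway check needs to follow. The following is an added example, not code from the original post: it parses an RFC 822 message with Python's standard library, pulls every URL out of the plain-text and HTML parts, and flags the ones worth a second look (a host on a blocklist, a bare IP address instead of a name, or anchor text that shows one URL while the href points somewhere else). The sample message, the blocklisted domain names and the heuristics are all constructed for illustration.

```python
"""
Added example (not from the original post): extract every URL from an e-mail
and flag the ones a gateway should look at twice, since AV/AS tools rarely
block URL-borne malware.  All sample data below is constructed; the blocklist
entries are hypothetical.
"""
import re
import ipaddress
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical blocklist of domains known to host malware (constructed).
BLOCKED_DOMAINS = {"updates-secure-login.example", "dl.malware-host.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL, or "" if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def extract_urls(raw_message: bytes):
    """Return (url, anchor_text) for every URL in the text parts of a message.

    anchor_text is "" for URLs found in plain text.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    found = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            p = _LinkExtractor()
            p.feed(part.get_content())
            found.extend(p.links)
        elif ctype == "text/plain":
            found.extend((u, "") for u in URL_RE.findall(part.get_content()))
    return found


def classify_urls(raw_message: bytes):
    """Return {url: [reasons]} for every URL that trips a heuristic."""
    flagged = {}
    for url, text in extract_urls(raw_message):
        reasons = []
        host = _host(url)
        if host in BLOCKED_DOMAINS:
            reasons.append("blocklisted-domain")
        if _is_ip(host):
            reasons.append("raw-ip-host")
        shown = URL_RE.search(text)          # anchor text that looks like a URL
        if shown and _host(shown.group(0)) and _host(shown.group(0)) != host:
            reasons.append("anchor-text-host-mismatch")
        if reasons:
            flagged[url] = reasons
    return flagged


# Constructed sample: one clean link, one raw-IP link, one deceptive anchor.
SAMPLE_MESSAGE = b"""\
From: payroll@corp.example
To: j.doe@corp.example
Subject: Updated expense policy
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Policy: https://intranet.corp.example/policy
Backup copy: http://203.0.113.7/policy.exe

--b1
Content-Type: text/html; charset=utf-8

<html><body>
<a href="https://intranet.corp.example/policy">Policy</a><br>
<a href="http://updates-secure-login.example/login">https://intranet.corp.example/login</a>
</body></html>

--b1--
"""

if __name__ == "__main__":
    for url, why in classify_urls(SAMPLE_MESSAGE).items():
        print(url, "->", ", ".join(why))
```

On the sample message the intranet link passes, the raw-IP link is flagged, and the deceptive anchor is flagged twice: its host is on the blocklist and the text it shows the reader points at a different host than the href. The heuristics are deliberately simple; in a gateway you would add reputation lookups and URL rewriting, but the extraction step is the part that most AV/AS tooling of the day simply did not do.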

~ by Simon Hancock on March 10, 2008.
