September 26, 2010 08:00 am
Believe it or not, hackers have grown lazier. According to security experts, digital miscreants and criminals no longer have to spend hours creating their attacks. They can just check off a few boxes to generate convincing phishing websites and malware that’s made to look like legitimate security software. Symantec alone receives roughly 20 million pieces of malware each month, up from 10 million in 2008. We sat down with Patrick Martin, senior manager at Symantec’s security response and Dmitri Alperovitch, vice president of threat research for McAfee, to get a handle on which threats to watch out for and how to protect your data.
Antivirus In Disguise
File this under “rotten scams that have gotten worse.” Researchers from Symantec and McAfee agree that “rogue AV,” or malware that pretends to be security software, has become more common. The scary thing is that you can encounter a dialog box belonging to malicious so-called security software even while browsing a legitimate website. Once you download the malware (surrendering your credit card number in the process, of course), the thieves can not only use this information to extort more money, but sell other hackers access to your computer, install password-stealing trojans to extract more sensitive data, or use your PC as a bot that spams and infects other computers.
Fortunately, updated security software should keep you safe, but for added protection we recommend that if you see a pop-up from an unfamiliar security program, click the back button in your browser and get off that site as fast as possible. If the pop-up is a dialog box, just click the X to close it.
Martin says the problem will only continue getting worse so long as there are suckers out there falling for such scams. “It works: people click,” he said. “It’s just like marketers. People send junk mail because it works.” McAfee, for one, has a free cybercrime response unit, including an online scanner as well as access to agents who can help resolve problems.
In the 1980s people fell prey to a series of scams that became known as Nigerian bank fraud, in which con men from this African country sent letters to Americans, posing as exiled princes in need of a loan. Since the Internet has become ubiquitous, these scammers have turned to e-mail, either asking for sensitive information, such as bank account numbers, or leading people to fraudulent websites that pretend to be bank portals.
Recently, though, ploys like these have grown more convincing. By hacking into someone’s Facebook or Twitter account, a hacker can send messages to that user’s friends, pretending to be the owner of the account. Symantec’s Martin and McAfee’s Alperovitch have each seen plenty of instances in which thieves pretend that the owner of the account has found him or herself in a foreign country, robbed or otherwise bereft of money.
Other hackers embed their messages with links to phishing sites. Alperovitch warns that once a hacker has gained access to your friend’s profile, he has a dangerous amount of information about both his victim and you. “If you have a Facebook page that’s talking about your personal life,” he said. “Your friends—all that information can be accessed by fraudsters and used to craft a phishing message that’s targeted specifically at you.”
Regardless of what form the attack takes, the consensus is that on social networks, people let their guard down around virtual friends. “The level of awareness, the inhibitions someone might have in saying, ‘I don’t know if that’s safe to do’ is sometimes lower,” said Martin.
Mac Attacks On the Rise?
To be sure, Macs have gained market share over the years, and although Mac-based threats are more common than they used to be, security experts insist that hackers still prefer to target Windows on account of its higher user base. “It’s still only a fraction of the number of attacks that we see on the Windows platform,” said Alperovitch. That doesn’t mean these attacks aren’t rising, though. Alperovitch added that he’s seen a powerful trojan for Macs that corrupts the domain name system (DNS)—the mechanism that ensures you’re taken to the correct website when you type in a URL. With a corrupted DNS, one could type in Bankofamerica.com and instead get sent to a phishing site that masks itself as the bank’s log-in page. Symantec’s Martin agrees there’s been just a slight increase, but warns that in two or three years, Mac’s relative security could change.
Smart Phone Espionage
While it’s gaining momentum in other parts of the world, such as Europe and Asia, cell phone attacks remain uncommon in the U.S. Symantec senior manager Patrick Martin, who describes this category of attacks as “nascent,” says that’s not because phone operating systems are impenetrable, but because Americans, by and large, still aren’t using their phones to carry out financial transactions. “If it moves in that direction on mobile devices, you can bet attackers are going to be there,” he said.
So far, adds McAfee vice president Dmitri Alperovitch, most attacks on cell phones have been part of larger corporate and government espionage schemes. In fact, mobile attacks include not just your garden variety password-stealing trojans, but malware that allows intruders to activate the camera and microphone as a way of monitoring someone’s conversations and surroundings, even using triangulation to keep tabs on his or her location.
The most commonly attacked platforms are BlackBerry and Windows Mobile, since both possess healthy market share among business users. Thus far, Alperovitch says, iPhones have proven more difficult to hack thanks to Apple’s app approval process, although he has seen malware for jailbroken iPhones. If you’re a consumer looking for some extra protection, though, you can buy mobile security software from companies such as Kaspersky, McAfee, and Symantec. These services, which cost around $30 a year, generally protect Symbian and Windows Mobile devices, though Symantec also has an Android product.