Home  Nieuws Beveiliging Blending Blending, een nieuwe variant
Editorial
Nu er een golf nieuwe software over de mensheid uit gestort gaat worden, niet alleen door Microsoft, maar ook door de Open Source Software groep, Mozilla en anderen, zullen wij extra aandacht besteden aan deze nieuwe producten. Wij zullen met name focussen op ernstige gebreken en nieuwe -het leven aanzienlijk veraangenamende- features en navenante voordelen, alwaar wij onze bezoekers regelmatig kond van zullen doen.
N.B.: Wij vragen onze bezoekers zich te registreren via het login menu in de rechterkolom.
Een groeiend aantal artikelen zullen wij alleen specifiek ter beschikking stellen aan klanten van theHelpdesk.nl en aan onze geregistreerde bezoekers binnen de Registered User Section en het afgeschermde gedeelte van HackersWorld (full disclosure exploits). (te bereiken na registratie en/of login)
|
Blending, een nieuwe variant |
|
|
|
|
Written by Administrator
|
|
Sunday, 17 September 2006 |
Blending een mix van bedreigingen voor de veiligheid
Criminals Increasingly Blend IT Threats
By Matt Hines July 7, 2006
Security researchers at software maker MessageLabs contend that malware writers, hackers and other cyber-criminals are combining multiple forms of IT threats in an attempt to amplify their efforts.
In the company's latest IT security intelligence report, MessageLabs experts said that criminals are converging their attacks across multiple communications channels, such as e-mail, instant messaging networks and Web sites, and are also pulling together information-gathering techniques, including spyware, spam and phishing schemes, as they seek new ways to menace businesses and consumers.
As businesses and home users have become increasingly savvy about traditional threats delivered via e-mail attachments, criminals are finding new ways to lure end users to consume their attacks, according to the report. Researchers specifically cited a growth in the number of threats that use spam e-mail messages or IMs to distribute links to Web sites where malware or spyware is secretly downloaded to end users' computers.
Criminals are also using data garnered from PCs already infected with their botnet virus code to refine their other spam and spyware efforts, said Paul Wood, senior analyst with New York-based MessageLabs. At the end of the day attackers are using any means they can find to build more detailed profiles of individuals in the name of committing identity theft or other forms of fraud against them, he said.
"As a consequence of businesses more closely watching and filtering e-mail, cyber-criminals are looking for other ways to defeat perimeter defenses and creating much smaller-scale attacks aimed at more targeted audiences," said Wood. "There are fewer attacks delivered via attachments, but far more phishing-like schemes that lure people to malicious Web sites; the HTTP protocol still isn't locked down at most businesses."
A perfect example of the trend toward converged attacks can be found in a newly discovered threat aimed directly at users of eBay's PayPal online payment site. The attack uses a phishing e-mail in an attempt to persuade PayPal customers to call a phony customer service call center where they are asked to disclose personal information including their credit card details by an automated voice system.
Using other common forms of converged attacks, criminals are creating Web sites that distribute small "dropper" malware files that secretly infiltrate PCs and later deliver larger Trojan viruses. Botnet operators are also becoming more sophisticated, using spyware loaded onto the machines they control to garner personal information that can be used to help target other attacks, MessageLabs said.
"The Botnet operators are analyzing behavior and harvesting as much information as they can about each computer, then using that information to target attacks based on the banks or other companies you actually do business with," Wood said. "The information that is acquired is being used to create very specific attacks, and it is being sold to other criminals."
MessageLabs said that during the month of June, the ratio of e-mails it tracked that were carrying viruses actually decreased by 0.5 percent, compared with May. However, the company indicated that there has been a noticeable increase in the number of highly targeted Trojan attacks it has charted, specifically those designed to steal intellectual property from businesses, with approximately one such threat arriving per day, compared with one or two per week during the same period in 2005.
The number of phishing attacks discovered by MessageLabs also decreased slightly in June, dropping by 0.12 percent compared with the previous month, but the proportion of all e-mail-borne threats that contained phishing schemes rose to 18.6 percent, compared with only 12.1 percent of all malicious e-mails in May.
The report contends that spammers also continue to become more sophisticated in refining their attacks. MessageLabs said that criminals are turning to new mediums such as mobile text messaging, Web-based instant messaging, blogs and social networking communities such as MySpace.com to bypass e-mail-based anti-spam measures and more effectively target recipients.
The company said that 64.8 percent of all worldwide e-mail traffic consisted of spam in June, representing a 6.9 percent increase over May's totals.
Overgenomen van eWeek. |
|
Last Updated ( Thursday, 12 October 2006 )
|
|
Over deze Website
Zowel deze NIEUWS site als het bijbehorende eZine zullen voor een groot deel, qua inhoud, bestuurd kunnen worden door onze klanten en de bezoekers van onze website(-s).
Wij nodigen U dan ook uit, op dit moment nog via e-mail,
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
, om de voor U interessante onderwerpen aan te melden. U kunt hierbij denken aan de vaste rubrieken op beveiligingsgebied, onderzoek en technologie (zowel fundamenteel als toegepast onderzoek), waarschuwingen uit de praktijk. Daarnaast kan men denken aan, bij voorbeeld, uitleg van bepaalde zaken, zoals protocollen, technieken, methodieken, maar ook commentaren op ontwikkelingen e.d.
Als onze klanten en bezoekers zelf ook een bijdrage willen en kunnen leveren, worden zij hiertoe hartelijk uitgenodigd. Het delen van kennis, zowel vanuit een professioneel-, als een gebruikersperspectief, is de missie van deze nieuwsvoorziening.
Het e-Zine zal maandelijks worden toegezonden aan de klanten van theHelpdesk.nl en aan geregistreerde bezoekers van deze website. Daarnaast kunnen zij Alerts en Waarschuwingen verwachten, buiten de reguliere verzending van het e-Zine om, indien het nieuws dit nodig mocht maken.
News Feeds / Syndication / links.
Wij hebben als extra service aan onze bezoekers besloten de syndication e/o news feeds aanzienlijk uit te breiden.
Ook het aantal overige news feeds en links zal in de nabije toekomst aanzienlijk worden uitgebreid. Voorts verwachten wij op grond van de binnengekomen e-mails binnenkort een aantal rubrieken toe te kunnen voegen.
|
|
|
