Easy money for hackers, big headaches for IT - Acura Forum : Acura Forums
post #1 of 17 (permalink) Old 03-04-10, 01:40 PM Thread Starter
Moderatus Emeriti
 
Nikon1's Avatar
 
Join Date: Dec 2006
Location: Somewhere between PA & NJ
Posts: 22,229
Easy money for hackers, big headaches for IT

Unite!

Quote:
There's been a huge increase of malware attached to social networking sites and loosely regulated app stores. Should you lock up your users?


March 04, 2010
Easy money for hackers, big headaches for IT

Batten down the security hatches. Hackers are poisoning social networking sites, particularly Facebook, and loosely regulated app stores like the Google Android marketplace, with increasing ferocity. A new study by security vendor AVG found that poisoned URLs posted on Facebook soared by 200 percent in February (compared to the previous month) after increasing by 300 percent in January. (AVG derived its statistics by analyzing URLs blocked by its software.)

The huge spike in rogue software on Facebook is part of a pattern that security experts have seen for several years: tricking users into poisoning their own systems and networks through clever ruses that appeal to curiosity, greed, or lust. No matter how often management tells users not to goof around while on company networks, they do. And IT gets stuck with the mess.

Although the numbers in the AVG study focused only on Facebook, Yuval Ben-Itzhak, AVG's senior vice president of engineering, says other social networking sites are also inadvertent carriers of rogue software. Indeed, Facebook appears to take reasonable precautions, he says, which only underlines the difficulty of combating the threat.

An easy $12,000 a day
A favorite trick of hackers these days is the fake antivirus scan, often attached to a Facebook page. All of a sudden a window pops up saying your system may be infected, but we'll do a free scan. In the better -- that is, more malicious -- versions of this scam, it's very difficult to make the pop-up window go away.

And while it might seem, well, stupid to do so, quite a few users will actually pay something for the bogus software. An examination of various Web logs and other sources reveals that even a small gang can net $12,000 a day, according to Ben-Itzhak. "It's a dream come true for the bad guys," he says. In one seven-day period, more than 80,000 users were affected by the rogue scanner malware.

While the users feel the pain of the antivirus scam, another hack making the rounds targets business information. It's a fake codec. A URL leads a user to a site where a video is posted. To play it, the user needs to download the fake codec, which is actually a container for seriously malicious code designed to steal business information.

That particular scam worked especially well in February, when users were hungry for videos of the Winter Olympics. Similarly, visitors to Foxnews.com who wanted to watch certain video clips last year were tricked into installing a tainted codec. Still, it's difficult to zero in on why Facebook has been hit so much harder this year than last.

To be fair to users, it's worth noting that some of the traditional advice they get from IT or popular publications is no longer adequate. IT tells people to go to only trusted sites. Unfortunately, by the beginning of 2009, the majority of infectious sites were mainstream, says Roger Grimes, a security professional and InfoWorld's Security Adviser blogger.

Facebook says it has not noticed a spike in rogue software. "People have a number of options for controlling the information they share with applications. We also have a dedicated enforcement team that conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather," says Facebook spokesman Simon Axten.

Axten points out that apps are subject to privacy settings. "That is, you can configure what your friends' apps can and can't access."

Which is worse: Email or Web 2.0?

AVG isn't the only security company pointing the finger at threats related to Web 2.0 and social networking. Four in five IT professionals polled recently by Webroot said Web 2.0-based malware will pose the biggest security threat this year.

Seventy-three percent said Web-based threats are more difficult to manage than email-based threats, and 23 percent said their company was vulnerable to attacks on Web 2.0 applications, including social networks such as Facebook and Twitter.

No one likes to be hated, but sometimes you have to take security measures that will make your users really angry. You might even have to (gasp) pull some PCs off the Internet and treat some employees like children, suggests David Perry, global director of education for Trend Micro, whose global array of sensors (and information exchanges with other security vendors and customers) now detects an astonishing 100,000 samples of new malware a day.

You know the drill: Tell them going to porn and gambling sites and so on will get them in serious trouble. Because they are adults, you might set up a PC in the break room that has Web access but is not on your network. They may waste time on it, but it won't endanger enterprise security.

I don't mean to pick on Facebook. But I do think that Web 2.0 mavens have to think harder about the problems -- indeed, crimes -- that holes in their sites create for IT.

Link



Nikon1
Perfect paranoia is perfect awareness!
 
post #2 of 17 Old 03-04-10, 01:44 PM
Banned
 
Duckdog's Avatar
 
Join Date: Apr 2006
Location: The Old West
Age: 61
Posts: 30,196
Reinforces my resolve to never have a Facebook page.
post #3 of 17 Old 03-04-10, 01:53 PM Thread Starter
Moderatus Emeriti
 
Nikon1's Avatar
 
Join Date: Dec 2006
Location: Somewhere between PA & NJ
Posts: 22,229
X 2



Nikon1
Perfect paranoia is perfect awareness!
post #4 of 17 Old 03-04-10, 02:30 PM
AW Detailing Wanker
 
S2K2K4's Avatar
 
Join Date: Jul 2004
Location: East TN
Posts: 16,331
It's amazing how some people seem to get these malware infections all the time. Then other users (who often seem a little less clueless) never get them. I'm all for locking down PCs on corporate networks. Would make my job a billion times easier.


Our Father, who art in Autos, hollowed be thy frame. Thy Horsepower come, Thy torque be fun, in Imports as in Domestics. Give us this day our daily fuel, and forgive us our hooning, as we forgive those who hoon against us, and lead us not into chrome accents, but deliver us from rice. For thine is the Cam, and the Piston, and the Rod, for ever and ever. Or until they break.. Amen.
post #5 of 17 Old 03-04-10, 03:46 PM Thread Starter
Moderatus Emeriti
 
Nikon1's Avatar
 
Join Date: Dec 2006
Location: Somewhere between PA & NJ
Posts: 22,229
But then, crackers like me will just find a way to circumvent your lockdown and lay on you for trying!



Nikon1
Perfect paranoia is perfect awareness!
post #6 of 17 Old 03-04-10, 03:56 PM
AW resident 'old fart'
 
Slynky's Avatar
 
Join Date: Dec 2005
Location: McDonough, GA
Age: 68
Posts: 21,242
My Mood: Busy
Well, to be fair, no need to pick on Facebook.

Quote:
To be fair to users, it's worth noting that some of the traditional advice they get from IT or popular publications is no longer adequate. IT tells people to go to only trusted sites. Unfortunately, by the beginning of 2009, the majority of infectious sites were mainstream, says Roger Grimes, a security professional and InfoWorld's Security Adviser blogger.
So...





A veteran is someone who, at one point in their life, wrote a blank check made payable to "The United States of America," for an amount of "up to and including my life."

post #7 of 17 Old 03-04-10, 04:07 PM
AW Detailing Wanker
 
S2K2K4's Avatar
 
Join Date: Jul 2004
Location: East TN
Posts: 16,331
Quote:
Originally Posted by Nikon1 View Post
But then, crackers like me will just find a way to circumvent your lockdown and lay on you for trying!
The people that can engineer their way around a locked down account are not people I'm going to worry about calling the help desk when they accidentally infect themselves.

Quote:
Originally Posted by Slynky View Post
Well, to be fair, no need to pick on Facebook.



So...
Don't install apps from websites unless you know what you're getting?


Our Father, who art in Autos, hollowed be thy frame. Thy Horsepower come, Thy torque be fun, in Imports as in Domestics. Give us this day our daily fuel, and forgive us our hooning, as we forgive those who hoon against us, and lead us not into chrome accents, but deliver us from rice. For thine is the Cam, and the Piston, and the Rod, for ever and ever. Or until they break.. Amen.
post #8 of 17 Old 03-04-10, 08:06 PM Thread Starter
Moderatus Emeriti
 
Nikon1's Avatar
 
Join Date: Dec 2006
Location: Somewhere between PA & NJ
Posts: 22,229
Quote:
Originally Posted by S2K2K4 View Post
The people that can engineer their way around a locked down account are not people I'm going to worry about calling the help desk when they accidentally infect themselves.
Circular discussion: I am one of those people who can engineer a way around - and I will not have a facebook or any other "social site" software (including most IM software) on any of my systems. Wanna IM / PM / SMS me - get a Blackberry and use BBM. Most Secure IM software out there!



Nikon1
Perfect paranoia is perfect awareness!
post #9 of 17 Old 03-04-10, 11:49 PM
Protect which matters...
 
duck's Avatar
 
Join Date: Apr 2005
Location: Nibiru
Age: 46
Posts: 6,387
My Mood: Lurking
Quote:
Originally Posted by S2K2K4 View Post
Don't install apps from websites unless you know what you're getting?
Do what we did; take away admin access from EVERYBODY...give your sys admins and engineers admin accounts that are different from their normal account. Forbid "normal" work using the admin accounts.

This change alone has eliminated thousands of "incidents" a year for us. And I don't spend all my time chasing down rogue apps or dealing with the Business Software Alliance.

If fidelity to freedom of democracy is the code of our civic religion, then surely the code of our humanity is faithful service to that unwritten commandment that says we shall give our children better than we ourselves received....
post #10 of 17 Old 03-04-10, 11:51 PM
Protect which matters...
 
duck's Avatar
 
Join Date: Apr 2005
Location: Nibiru
Age: 46
Posts: 6,387
My Mood: Lurking
Quote:
Originally Posted by Nikon1 View Post
Circular discussion: I am one of those people who can engineer a way around - and I will not have a facebook or any other "social site" software (including most IM software) on any of my systems. Wanna IM / PM / SMS me - get a Blackberry and use BBM. Most Secure IM software out there!
I know a lot of security professionals on FaceBook; as a matter of fact, many of them are FB Friends of mine. Oh, and we pwned your BBM.

If fidelity to freedom of democracy is the code of our civic religion, then surely the code of our humanity is faithful service to that unwritten commandment that says we shall give our children better than we ourselves received....
post #11 of 17 Old 03-05-10, 01:09 AM
Mother Goose!
 
Dc5wha?'s Avatar
 
Join Date: Aug 2007
Location: Grants Pass, Oregon
Age: 36
Posts: 10,728
My Mood: Lurking
Old news to me. One reason why I never trusted those pop ups for the past 3 years, one more reason why I love gmail more than yahoo or msn.



"yesterday is history, tomorrow is a mystery, but today is a gift. That is why it is called the present"

._________________________
|.....Overnight.....................| ||
|........Japan Parts................||'|";,___.
|_..._...____________======||_|_|...,]
"(@)'(@)""'''''''''''''"'''"**|(@)(@)*****"(@)
post #12 of 17 Old 03-05-10, 02:39 AM Thread Starter
Moderatus Emeriti
 
Nikon1's Avatar
 
Join Date: Dec 2006
Location: Somewhere between PA & NJ
Posts: 22,229
Quote:
Originally Posted by duck View Post
I know a lot of security professionals on FaceBook; as a matter of fact, many of them are FB Friends of mine. Oh, and we pwned your BBM.




That needs proof or



Nikon1
Perfect paranoia is perfect awareness!
post #13 of 17 Old 03-05-10, 10:19 AM
dumber than a box of hair
 
SidS1045's Avatar
 
Join Date: Jan 2005
Location: Stoneham MA
Age: 68
Posts: 816
Quote:
Originally Posted by duck View Post
Do what we did; take away admin access from EVERYBODY...give your sys admins and engineers admin accounts that are different from their normal account. Forbid "normal" work using the admin accounts.

This change alone has eliminated thousands of "incidents" a year for us. And I don't spend all my time chasing down rogue apps or dealing with the Business Software Alliance.
As someone who has been dealing with this almost daily (I'm the sole full-time IT support for over 200 users), I can tell you that removing admin rights from your users won't protect you for long, especially if most of your computers are running XP or earlier versions of Windows. (Vista and Win7, because of UAC, protect the PC quite a bit better.) The malware authors are getting smarter. I've already had four or five computers with restricted user rights get infected with the fake antivirus garbage, requiring re-imaging in each case.

"A nation of sheep will beget a government of wolves." - Edward R. Murrow
post #14 of 17 Old 03-05-10, 08:49 PM
Protect which matters...
 
duck's Avatar
 
Join Date: Apr 2005
Location: Nibiru
Age: 46
Posts: 6,387
My Mood: Lurking
Quote:
Originally Posted by SidS1045 View Post
As someone who has been dealing with this almost daily (I'm the sole full-time IT support for over 200 users), I can tell you that removing admin rights from your users won't protect you for long, especially if most of your computers are running XP or earlier versions of Windows. (Vista and Win7, because of UAC, protect the PC quite a bit better.) The malware authors are getting smarter. I've already had four or five computers with restricted user rights get infected with the fake antivirus garbage, requiring re-imaging in each case.
I also enjoy working in an environment where people who break the rules get dealt with...and it's not a pleasurable experience. We have a massive blacklist of websites that our proxies will not allow, and a relatively small whitelist. Edge UTMs and firewalls, our Exchange environment is fortified to say the least. The combination of rules and technical defenses in place serves us really well.

That is not to say that I don't weekly have to deal with someone who decides to be dumb and take advantage of a privileged account and get themselves into trouble. And I have learned that if you are a bad guy, take advantage of Adobe's crappy developers and send PDF files with titles like "Anna Kournikova--HOT!" to a bunch of males...and just wait. One stupid guy will open a compromised PDF and open a hole to the bot armies of the world.

It's a people problem, always will be.

Quote:
Originally Posted by Nikon1 View Post



That needs proof or
Yeah, I don't know chit about BBM. But never trust any cell carrier or their devices to be "secure". More and more badguys are focusing on the various cell technologies and the lucrative possibilities they present.

If fidelity to freedom of democracy is the code of our civic religion, then surely the code of our humanity is faithful service to that unwritten commandment that says we shall give our children better than we ourselves received....
post #15 of 17 Old 03-06-10, 08:04 AM Thread Starter
Moderatus Emeriti
 
Nikon1's Avatar
 
Join Date: Dec 2006
Location: Somewhere between PA & NJ
Posts: 22,229
Quote:
Originally Posted by duck View Post
I also enjoy working in an environment where people who break the rules get dealt with...and it's not a pleasurable experience. We have a massive blacklist of websites that our proxies will not allow, and a relatively small whitelist. Edge UTMs and firewalls, our Exchange environment is fortified to say the least. The combination of rules and technical defenses in place serves us really well.

That is not to say that I don't weekly have to deal with someone who decides to be dumb and take advantage of a privileged account and get themselves into trouble. And I have learned that if you are a bad guy, take advantage of Adobe's crappy developers and send PDF files with titles like "Anna Kournikova--HOT!" to a bunch of males...and just wait. One stupid guy will open a compromised PDF and open a hole to the bot armies of the world.

It's a people problem, always will be.



Yeah, I don't know chit about BBM. But never trust any cell carrier or their devices to be "secure". More and more badguys are focusing on the various cell technologies and the lucrative possibilities they present.
Research In Motion (RIM - Manufacturer of BlackBerry) has the best compression / security in the cell phone business: Come on Duck, why do you think all the "Movers and Shakers" (like POTUS) in DC all have BlackBerrys - not Motorola, HTC, LQ or any other communicators: SECURE COMMUNICATIONS. All the BBM go through RIM's servers / channels - not AT&T or Verizon's.

BBM = Security



Nikon1
Perfect paranoia is perfect awareness!