Saturday, December 08, 2007

2008 Virus, Hacking Predictions

Websense Security Labs, one of the world's pre-eminent authorities on viruses, spyware and hacking, has released its predictions for 2008 on the biggest upcoming threats.

You need to study these, and become familiar with them. It will go a long way toward keeping you free from attacks and infections.

Remember, anti-virus programs are not designed to prevent an attack, they are meant as an after-the-fact removal tool. The best way to avoid problems in the first place is to surf the web defensively, just as you "drive defensively." Stay off of the Internet's "dirt roads." Do not click on links that you are not familiar with. Keep your PC updated with Microsoft's critical security updates. Use a browser with a "phishing filter" to warn you ahead of time if you accidentally click on a link to a site that is known to contain crimeware.

Their predictions for 2008:

1. Olympics -- new cyber attacks, phishing and fraud

Event-based attacks and scams are popular, and with the whole world watching, the 2008 Olympics may fuel a surge in cyberattacks. As the Olympic torch burns, Websense researchers predict the possibility of large scale denial-of-service (DoS) attacks on Beijing Olympic-related sites as political statements and fraud attempts through email and the Web surrounding the Olympics. Additionally, Websense predicts compromises of popular Olympic news or other sports sites -- attacks designed to install malicious code on end-users' machines and steal personal or confidential business information.


2. Malicious SPAM invades blogs, search engines, forums and Web sites

Websense predicts that hackers will increasingly use Web spam to post URLs to malicious sites within forums, blogs, in the commentary or "talk-back" sections of news sites and on compromised Web sites. This activity not only drives traffic to the infected Web sites but also assists in the purveyor's site sitting higher on search engine rankings, increasing the risk that users will visit the site.


3. Attackers use Web's 'weakest links' to launch attacks

The Web is an entanglement of links and content. The advent of Web 2.0 additions such as Google Adsense, mash-ups, widgets, and social networks along with the massive amounts of Web advertisements linked to Web pages have increased the likelihood of 'weak links' -- or Web sites and content that are vulnerable to compromises. Websense predicts that attackers will increasingly exploit the weakest links within the Web infrastructure in order to target the greatest number of Internet users. Most vulnerable to these attacks are search engines and large user networks such as MySpace, Facebook or other social networking sites.


4. Number of compromised Web sites will surpass number of created malicious sites

The Web as an attack vector has been steadily increasing for the last five years and now attackers are using compromised sites as their launching platforms -- even more than their own created sites. Compromising sites -- particularly, sites well-visited by end-users, such as the Dolphin Stadium attack that occurred a few days prior to the 2007 Super Bowl XLI in Miami, provides attackers with built-in Web traffic and minimizes the need for lures through email, instant messaging or Web posts.


5. Cross-platform Web attacks -- Mac, iPhone popularity spurs increase

With the brand popularity and growing use of iPhones and Macintosh computers, Websense researchers predict attackers will increasingly launch cross-platform Web attacks that detect the operating system in use and serve up code specifically targeting that operating system instead of attacks based on just the Web browser. Operating systems that are targeted now include Mac OSX, iPhone, and Windows.


6. Rise in targeted Web 2.0 special interest attacks -- hackers targeting specific groups of people based on interests and profile

Web 2.0 has spawned a proliferation of Web users that visit chat rooms, social networking sites, and special interest Web sites such as travel sites, automotive, and more. These sites provide attackers with potential victims that fall within a certain age group, wealth bracket, or people with particular purchasing habits. In 2008, Websense researchers predict targeted attacks will rise toward specific social networking or special interest sites that have a higher probability of delivering a payoff.


7. Morphing JavaScript to evade anti-virus scanners

Hackers are upping the ante with evasion techniques that use poly-morphic JavaScript (Polyscript) -- which means that a uniquely-coded Web page is served up for each visit by a user to a malicious Web site. By changing the code every visit, signature-based security scanning technologies have difficulty detecting Web pages as malicious and hackers can extend the length of time their malicious site evades detection.


8. Data concealment methods increase in sophistication

Websense predicts an increased use of crypto-virology and sophistication in data concealment including the use of steganography, embedding data within standard protocols, and potentially within media files. Toolkits widely available on the Web will be used to embed proprietary information and steal data.


9. Global law enforcement will crack down on key hacker groups and individuals

In 2007, large-scale Internet-based attacks garnered the attention of law enforcement officials around the world. Websense anticipates that through the global cooperation of enforcement agencies, in 2008 the biggest crackdown and arrests of key members of a hacker group will occur.


10. Vishing and voice spam will combine and increase

The vast cell phone user population has grown into a lucrative market to exploit with spamming and "vishing" for financial gain. To date, researchers have seen an increased number of vishing attacks but not a lot of spam -- or pro-active automated calling. In 2008 Websense predicts that "vishing," or the practice of using social engineering and Voice over IP (VoIP) to gain personal and financial information and voice spam will combine and increase -- users will receive automated voice calls on LAN lines with voice spam to lure them to input their credentials through the telephone.




Sunday, July 22, 2007

Summertime fun with the Arkansas Travelers at Dickey-Stephens Park

Sunday, July 15, 2007

Big Dam Bridge Over Roaring Ark. River

Swollen by weeks of heavy rainfall in Arkansas, Oklahoma & Texas, the Arkansas River flows beneath the new Pulaski County Pedestrian-Bicycle Bridge at a near flood-stage rate of 260,000 cubic feet per second on April 13th, 2007 at the Murray Lock & Dam's Cooks Landing in North Little Rock, Arkansas.


Aerial view courtesy of Google Earth


Saturday, May 26, 2007

Malicious website spoofs Dell Online Store

I subscribe to Websense Security Labs email alerts about new virus and spyware infections on the Internet, and recently received this one. It is a good example of the popular attacks being used now on the web.

Remember....forewarned is forearmed!!!

Here is Websense Security Labs alert:


Websense Security Labs has received reports of a new email campaign starting in Australia that attempts to lure users into connecting to a malicious website. The Australia CERT has reported emails that are spoofing the Dell online store. The emails claim that the user is being charged for a camera purchase and requests they connect to a site in order to view their profile. The site is encoding their code via JavaScript which decodes to 8 different iframes, all of which attempt to load exploit code and download and install new malicious code. The site itself appears to be going up and down sporadically.

See: http://www.auscert.org.au/render.html?it=7595

Sample Email from original advisory:

Subject: Your order #[number] has been accepted for the amount
865.00 AUD

From: Dell online Store

Thank you for shopping with us.

Your order #[number] Canon DF-E037 8.0 MP Digital Camera has been
accepted for the amount 865.00 AUD.

Your card will be charged in that amount.

Thank you for your purchase.


You can check the order in your profile.

HTTP://URL Removed

Thank you.
Dell Online Store.

Although this appears to be a new deception technique the website has been used in malicious code attacks in the past and Websense customers are protected from connecting to it already.

Screenshots are available within full alert.

For additional details and information on how to detect and prevent this type of attack:

http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=774

Wednesday, February 07, 2007

Make your PC go FAST again!


3 ways to make your PC faster!

Has your computer gotten slowwww?
Does it take forever to show a page on the Internet?
Can you take a nap while it boots up?

If this is you it's time for a TUNE-UP!

Now offering your choice of 3 levels of PC optimization:

FAST - $59.00

Clean & correct invalid, broken & missing entries in your computer's Registry, its "central nervous system" for: registry integrity, software locations, windows fonts, help & resources, shared DLLs, start-up programs, add/remove programs, virtual devices, file extensions, custom controls, deep scan and temporary files/shortcuts in every area of the C drive. Optimize and compact the entire registry for faster system performance and reaction time.


FASTER - $89.00

All registry improvements of the Standard package, plus: Analyze and remove all unnecessary "Start-up Programs" that continually run in the background and needlessly hog your PC's resources (power). Also, analyze and remove all optional "System Services" that, like start-up programs, constantly run in the background and sap power.


FASTEST - $129.00

All of the improvements of the Deluxe package, plus: Complete Windows XP Optimization, including defragmenting and rearranging the boot files for ultra-fast bootup times, as well as: improve DLL unloading, pagefile cleaning, file allocation size, clear prefetch folder, increase CPU priority, speed up IRQ handling and increasing the DNS cache. And for faster page loading, detailed optimization of your computer's TCP IP and Browser Settings for a wide, clean, fast-flowing pipeline to the Internet.


To make your computer fast again, email me or call anytime to schedule an appointment at:

231-7906

brad.kennedy@housecall4pc.com

Thursday, November 16, 2006

How to identify fraudulent links!

If you're like me you get many emails these days telling you lies like your credit card is over the limit, or has possibly been compromised, or some other account you have is in danger, and you need to "click here" to resolve it.

Or you go to a website somewhere, and there's just an irresistible offer on the other side of a legitimate-looking link that you must click on to get there.

Once you click on any of these innocent-looking links you're sunk. When your browser displays the page it also lets in code that can then turn your PC into their personal slave, sending back things like every keystroke you make, or displaying all those pop-up ads that suddenly begin blossoming on your screen in rapid-fire fashion.

The problem is that hackers can make the link look perfectly legitimate. But there's an easy way for you to tell if it's not.

If the link in question arrived in your email, click on the subject line to select it, then right-click and in the resulting pop-out list, choose "Properties."

In the dialog box that opens, click on "Details" and in that window click on "Message Source." This will give the entire actual html code of your email message. Scroll down to where the link in question is.

If it begins with something like "123.123.234.121" (or any other set of numbers in that format), FOLLOWED by the actual domain name of who they purport to be, like:

123.123.234.121/www.yourbank.com

you'll know it's a fraud. If it was legitimate it would START with yourbank's dot com name.

Do not, repeat do not, rely on what you can see. What is actually displayed MAY NOT BE the true address!!!

If your email program has a "status bar" at the bottom of your screen, such as Outlook Express, an easy way to see the actual, true address is to hold the mouse over the "purported" link and look down in the status bar and you'll see it.

Again, if the true address begins with a series of numbers followed by the real website name, don't go there. If it BEGINS with the real website name, it's legitimate.

But even if it's the real website name, hackers could still have a load of malware code there, waiting to leap into your PC through your browser.

The bottom line is avoid the internet's "dirt roads" and its areas where huge numbers of people congregate. Because of its popularity, MySpace is now being hit by hackers planting their bogus links to bogus sites, just waiting to infect your PC.

Just remember to surf defensively and beware of strange or unknown links!!!

Monday, November 13, 2006

BEWARE of public computers!!!

Not long ago the motel I was staying at had a desktop computer in the lobby for guests' use. I was in Branson, MO., and was using it to check football scores. I wanted to check my email at my hometown internet provider's website, but stopped short. Too risky.

Why?

Little programs called key-loggers. Hackers secretly install them on public computers everywhere. What do key-loggers do? They record every keystroke on a PC. That means your user name and password! Hackers then gather up a key-logger's data and easily find them and use them.

Recently, news reports described the exact same thing being used to get the user names and passwords to online brokerage accounts. Investors would log into their brokerage accounts from public computers such as those in airports while waiting for their flights. You can guess what happened to the brokerage accounts, and it wasn't pretty!

I'm always ranting about computer and internet security, so please add this bit of advice to your brain.

DO NOT under ANY CIRCUMSTANCE log into online accounts of ANY kind from a public computer. Don't take the risk that it may be logging your every keystroke.

This means those innocent looking banks of computers in your library, or in the lobby of the motel you're staying at, or in that airport while you're waiting out your flight.

Protect yourself, stay safe and DON'T DO IT!!!