Cyber criminals are attacking computers in a host of new ways, and according to a leader in the field, the security community is struggling to keep pace.
“You used to have to go to bad places to get infected, whether that was pornographic or gambling or software pirating sites,” said John Harrison, Manger of Symantec Security Response, the threat research division of security software company Symantec. “Today, it’s mainstream websites, travel and shopping sites, the gaming site you’re on during your lunch break.”
Up until about three years ago, the perpetrators of computer viruses “used to be a couple teenagers in a basement,” said Harrison. In the past few years, however, the threat landscape has morphed into something significantly more serious.
“Today it’s very well organized individuals with software developing teams,” he told TechNewsDaily.
Where a suspicious seeming inbox message, often written with poor grammar, may have tipped off users in the past, the people and groups behind modern malware are taking new, more stealth approaches to getting into your system.
These cutting-edge cyber attacks come in the form of drive-by downloads, in which a website can silently attack a computer by exploiting vulnerable software or Plug-ins – Adobe Reader, for instance – on the user’s system. The whole attack goes unnoticed.
“You don’t even have to click on anything,” said Harrison. “That’s one of the scariest things.”
Attackers are also using third party advertisements – or "Malvertisements" – to insert Malware onto a system. In this instance, an advertisement will attempt to convince you that your system is infected. The link, which the reader thinks will solve the problem, actually contains the malware.
Malware makers are able also to design programs that use the real logo from a trusted site – a bank, for instance – to lure users into a sense of security, which they then exploit.
Norton AntiVirus, a Symantec product, sells Intrusion Prevention and Browser Protection software to protect against these vulnerabilities. But as the attacks continue, the good guys struggle to keep up.
“In the old days, when there was one piece of malware on 100,000 or a million computers, it was easy for a security company to find,” Harrison explained. “Now, every time you visit a site and it infects you, the software fingerprint is totally new. They’re polymorphic and dynamically generated. If you’re writing antivirus, you write looking for a specific pattern. Now we need a totally new approach.”
In 2000, Harrison said Symantec wrote five antivirus signatures a day to target malware. The number grew to 1,400 a day in 2007 and 15,000 a day in 2009. Today, Symantec writes 20,000 – 25,000 antivirus signatures every day.
“You absolutely can’t keep up,” Harrison said.
Moving forward, Harrison believes social networking will play a bigger role in how cyber criminals target users to attack, with corrupted messages made to look like emails from friends or relatives. Coinciding with the malicious intent of the hacker in the age of the Internet is something criminals of every kind have used to prey on victims for centuries: trust.
For example, Harrison said, within the first week of the 2010 Haiti earthquake, 50 percent of the results that came up when “Haiti Earthquake Relief” was typed in were rigged.