January 25, 2008
Hackers' New Bag of Tricks
Remember the scene in the action movie (any action movie), where the heist has gone wrong, way wrong, and not only are the bad guys taking heavy gunfire through the bank's big front window, but the bank has now caught on fire and is in full flame (OK, so maybe a more specific action movie)? As dozens of firemen furiously fight the fire, the cops burst through the bank's big front window and in all the smoke and glass and confusion can't seem to track down any of the bad guys.
Cops gather in groups out in front of the bank, shaking their heads, wondering where the hell the bad guys could have gone. Then it hits them... The firemen, check the firemen. But near the back of one of the fire trucks, the bad guys are already pulling off their gas masks and loading up the back of the getaway car with bags of dough (note: any Hollywood producers reading this who are interested in the above scenario, have I got a script for you).
Okay, so maybe I got a little carried away, but that's sort of what hackers are doing today, playing the old switcheroo. According to Websense, for the first time ever, hackers are now using legitimate websites to spread their malicious software instead of sites specifically built for the purpose.
Because legitimate sites are already trusted, already have a good reputation, and already have a stable of visitors, the bad guys have realized that, instead of building a fake site from scratch that has no security certificate, it's much easier to simply take over already functioning legitimate ones.
“More and more, attackers are compromising legitimate Web sites to infect visitors with information-stealing code or to add users’ machines to botnets,” said Dan Hubbard, vice president of security research, Websense. “Additionally, they are increasing the sophistication of their attack methods and building resilient infrastructures as we saw with the Storm worm attacks last year. We believe that attackers will continue to be creative and leverage Web 2.0 applications and user-generated content to create even bigger security concerns for organizations. With this in mind, organizations need to ensure their Web, messaging and data security solutions can protect the avenues hackers seek to exploit for financial gain.”
Posted by pschooff

Twenty-Four Seven Security