11-28-2011 08:40 AM
To our panel of experts...
What do you see as the biggest malware / security threat facing most users today? Is it phishing? Or trojan downloaders or fake Facebook apps, or fake antivirus programs, or just what?
11-28-2011 12:05 PM
I'll go with "or just what".
Seriously, although still an ongoing problem, education has made significant leeway in reducing phishing attempts. Improved spam filters have also helped reduce phishing attempts.
Fake antivirus programs (rogues) became prominent around 2005 (remember names like SpyAxe and SpySheriff from the "SmitFraud" family?). Since then there have been hundreds of rogues, many malware writers merely re-naming the previous iteration and missing changes to the GUI (graphic user interface) that presents the fake, "your computer is infected" warning. I've noticed a decided decline in rogues since around May of this year. Rogues remain a serious problem. However, when new rogues were showing up daily, it was more difficult for security programs to keep up with updated definitions to detect them.
Fake antivirus programs can also be classified as trojan downloaders (downloading malicious files from a remote server followed by installing and executing the files). Many of the recent variants have taken on a more serious aspect, often including a rootkit component.
Tip: If you ever run into one of the fake/rogue antivirus programs, do not click anywhere on the window -- this includes Cancel or the X to close. Instead, use the keyboard shortcut Alt+F4 until all windows are closed. Follow with an updated antivirus/anti-malware scan.
So, after the above discourse, what do I think is the biggest threat today? Java and Flash exploits.
Now, let's see what the other panelists think.
11-28-2011 12:07 PM - edited 11-29-2011 08:01 PM
Actually, IMHO, there are several threats deserving of mention, and it is hard to pin one down as being the "worst":
1. Spam - the greatest danger of spam, aside from the annoyance factor, is that it is clogging up the Internet with its sheer volume. Today, it represents about 50% of all the volume of the Internet. Tomorrow, or next year, it will become even a greater percentage of the volume. Whether we realize it or not, that costs everyone, other than the spammers of course, money for maintaining and growing the technical capacity of the Internet backbone. And, it is a lot of money being spent just to effectively let those delightful people populate your mailbox or favorite forum with their garbage.
2. The commercialization of malware. Do you realize that if you look hard enough (and I am not going to tell anyone how to do that), you will find several completely illegal sites on the Internet where you can purchase malware "kits"? What this means is that it is no longer completely necessary for a malware criminal to actually have some technical knowledge to release malware into the wild. It still requires some knowledge, but no way nearly as much as it used to be.
3. Phishing. These days my email is clogged up with phishing attempts. I get email from such places as the IRS, the Federal Reserve Board, the FBI, the Secret Service, Interpol, my bank, your bank, etc., all telling me that my refund, funds transfer, bank account, etc., requires some action. Look behind it and you find that the email originates from some completely unlikely source. Someplace like Russia, the Ukraine, etc. It might look legitimate, but it isn't; it is a complete fraud and should be deleted immediately.
4. The unwillingness of some governments and ISPs to crack down on criminal activities. And, in some cases, actually be completely supportive of those activities. Turn your country into a haven for crooks, and guess what? The crooks will come. Furthermore, even those governments that try to fight Internet criminals, take so long to develop a case, or it requires such international cooperation, that it is ineffective in fighting the current exponential growth of crime.
5. Ourselves. Believe it or not we are also a major threat to the Internet. Our gullibility, willingness to be cheated, our sheer greed makes a fertile environment for crime to grow. If it weren't for us, crime on the Internet couldn't survive.
I think that's a good start for a list of the "worst" threats.
11-29-2011 05:06 PM
For me I think FakeAV will continue to be one of the security vendors' headaches -- just like spam. The bad guys earn a tremendous amount of money with this technique so I don't think they will stop anytime soon.
For the "emerging threat" I think it will be threats for mobile devices since almost all new gadgets can now be connected to the Internet -- which makes them more vulnerable to attacks.
11-30-2011 06:56 PM
As far as specific technologies go, let's see what I can come up with:
Hopefully, I have answered your question without trivializing or overexaggerating things too much. The general trend I have seen over the past decades is one of things getting worse, but there are a few spots of brightness. Both the US Government and Microsoft have had some success in shutting down botnets and fraudulent web sites this year, and journalist Brian Krebs is amongst the people doing some great research into the underpinnings of the criminal ecosystem, so I think there is some hope that things will improve in time.