Saturday, May 21, 2011

Hackers dont do different things, they do same things differently... (Part I)


          Criminal hackers never sleep, it seems. Just when you think you've battened down the hatches and fully protected yourself or your business from electronic security risks, along comes a new exploit to keep you up at night. There are 6 different vulnerabilities which can be called Generation-Next vulnerabilities which I would be covering in 6 different editorials:-


1. Text-message malware
         
          While smartphone viruses are still fairly rare, text-messaging attacks are becoming more common, PCs are now fairly well protected, he says, so some black-hat hackers have moved on to mobile devices. Symantec confirmed that any employee who falls for a text-message using a company smartphone can jeopardize the business's network and data, and perhaps cause a compliance violation.
          
          "This is a similar type of attack as [is used on] a computer -- an SMS or MMS message that includes an attachment, disguised as a funny or sexy picture, which asks the user to open it," Nguyen explains. "Once they download the picture, it will install malware on the device. Once loaded, it would acquire access privileges, and it spreads through contacts on the phone, [who] would then get a message from that user."

          In this way, says Joffe, hackers create botnets for sending text-message spam with links to a product the hacker is selling, usually charging you per message. In some cases, he adds, the malware even starts buying ring tones that are charged on your wireless bill, lining the pocketbook of the hacker selling the ring tones.

          Another ruse, says Nguyen, is a text-message link to download an app that supposedly allows free Internet access but is actually a Trojan that sends hundreds of thousands of SMS messages (usually at "premium SMS" rates of $2 each) from the phone.

          Wireless carriers say they do try to stave off the attacks. For instance, Verizon spokeswoman Brenda Raney says the company scans for known malware attacks and isolates them on the cellular network, and even engages with federal crime units to block attacks. There is "no defense against being stupid" or against employee errors. For example, many security professionals training corporate employees one-on-one about cell phone dangers would send them messages with a fake worm. And right after the training session, many employees would still click the link.
          
          To keep such malware off users' phones, Joffe recommends that businesses institute strict corporate policies limiting whom employees can text using company networks and phones, and what kind of work can be done via text. Another option is a policy that disallows text messaging entirely, at least until the industry figures out how to deal with the threats.

          For consumers, common sense is the best defense. Avoid clicking on text-message links or attachments from anyone you don't know, and use extreme caution even with messages from known contacts, who might unwittingly be part of a botnet.

0 comments:

Post a Comment