Monday, March 22, 2010

You are the Accessory in Online Crime

It used to be that viruses and trojans were highly sophisticated programs that took advantage of obscure weaknesses in software. That is still true, but the emphasis has changed. The level of sophistication is there, but it's different, and in a way much less intimidating (to me).

The art of the grifter is alive and well on the internet and has turned into a very profitable business model for criminal organizations in Russia and the Ukraine. The level of organization is now where the sophistication is. What I find interesting is that China doesn't come up in the dialog. China is still relying on sophistication instead of conning.

The entire operation hangs on "Social Engineering": fooling you into allowing some sort of rogue software to be installed on your system. This is actually a lot easier than you would imagine, as people often list themselves as the administrator of the system instead of running as a limited-privilege user and logging in explicitly as administrator when they need to do system work. Once you have allowed such an installation, you have likely been recruited into an army of computers called a Bot Net.

The takeaway message is clear. If you get a message that you are not expecting, asking you to click on a link, don't touch it. If it's your bank, initiate the log in yourself. Places like Facebook are not going to suddenly change your password and send the new password in a link (that's going around today and has been before).

Some of you may have been harassed by an "Anti Virus" program. I cleaned a different one off my mother-in-law's computer. Here is one that someone detailed:
Analysis of a Rogue (Fake) AV Program
http://www.secureworks.com/research/threats/rogue-antivirus-part-1/?threat=rogue-antivirus-part-1

Those who are hooked on Criminal Conspiracy TV shows may find this fascinating:
Pay Per Install model of Malware Distribution (You only need to read the first 3 pages to get the idea.)
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf

Understanding Social Engineering
http://www.net-security.org/article.php?id=1403

The Zeus Bot Net
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf
