 |
 |
Storing tons of files on your desktop is never a good idea, and Teknograd Mac Support from Norway has come up with an ad campaign that visualizes the feeling of helplessness that a cluttered desktop can cause. Thanks to faithful Macenstein reader John Hawkins for the pics!
First it was do-it-yourself malware and phishing toolkits, then it was specialized sites selling stolen FTP credentials and credit card accounts, and now it’s the next phase in cybercrime: crimeware as a service.
Researchers at Finjan, MarkMonitor, and Trend Micro are among those seeing a new cybercrime business model, where sophisticated cybercriminal organizations set up shop as service providers to other bad guys, offering them online, point and click criminal software as a service — often with customer service guarantees. The trend is one of the key findings in Finjan’s new Web Security Trends Report for the first quarter of this year, which the company released today.
“We are starting to see more sites like this, where criminals are going another step forward and turn out to be a service, a cybercrime as a service,” says Yuval Ben-Itzhak, CTO at Finjan.
“With relatively less effort, they can get more money. Instead of collecting data and trying to sell it, which takes more time, they build a platform to do that, and can reach a wider audience that would like to commit these crimes,” he says. This lets other criminals who don’t want to install and update their own software or run their own malicious servers get their stolen information via a Web-based service that does the dirty work for them.
“This is another step forward for criminals to improve their market, the commercialization of stolen data,” he says.
Microsoft Corp.’s operating systems run most personal computers around the globe and are a cash cow for the world’s largest software maker. But you’d never confuse a Windows user with the passionate fans of Mac OS X or even the free Linux operating system.
Unless it’s someone running Windows XP, a version Microsoft wants to retire.
Fans of the six-year-old operating system set to be pulled off store shelves in June have papered the Internet with blog posts, cartoons and petitions recently. They trumpet its superiority to Windows Vista, Microsoft’s latest PC operating system, whose consumer launch last January was greeted with lukewarm reviews.
No matter how hard Microsoft works to persuade people to embrace Vista, some just can’t be wowed. They complain about Vista’s hefty hardware requirements, its less-than-peppy performance, occasional incompatibility with other programs and devices and frequent, irritating security pop-up windows.
For them, the impending disappearance of XP computers from retailers, and the phased withdrawal of technical support in coming years, is causing a minor panic.
Take, for instance, Galen Gruman. A longtime technology journalist, Gruman is more accustomed to writing about trends than starting them.
But after talking to Windows users for months, he realized his distaste for Vista and strong attachment to XP were widespread.
“It sort of hit us that, wait a minute, XP will be gone as of June 30. What are we going to do?” he said. “If no one does something, it’s going to be gone.”
Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits.
The XPMs (exploit prevention mechanisms) have been fitted into the WIndows and Mac OS X versions of QuickTime 7.4.5, a new update that also patches 11 high-risk security vulnerabilities.
According to a source familiar with Apple’s moves, QuickTime for Windows Vista now features ASLR (address space layout randomization), a security technology that randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses.
ASLR, which has been used by Apple to add code scrambling diversity to Mac OS X Leopard, is used in tandem with additional security features to reduce the effectiveness of exploit attempts.
Several open-source security systems – OpenBSD, PaX and Exec Shield – already implement ASLR in some form. Microsoft has also fitted ASLR into default configurations of Windows Vista.
Cybercriminals have created a global business with a supply chain every bit as organized and sophisticated as that of any legitimate business. The difference is that cybercrime takes advantage of unsuspecting consumers and insecure businesses to steal untold amounts of money.
According to security experts and spam fighters speaking at a panel discussion last week at the RSA Conference, the modern, online criminal ecosystem starts with botnets, which are consumer or college PCs that have been taken over by hackers. A cybercriminal can easily go online and buy a bot-herd. In fact, Joe St. Sauver, manager of security programs at the Internet2 networking consortium and the University of Oregon, said there are 5 million to 5.5 million botnets in active rotation at any time.
Of course, cybercriminals need only a few hundred spambots to send out millions of spam e-mails. Today, a cybercriminal can hire programmers to come up with the latest and greatest types of spam, such as image spam or spam put into PDF attachments. Spammers send test runs through ISPs to see what types of spam get through the easiest, said Larry (who refused to disclose his last name) from the spam-fighting SpamHaus Project.
The types of spam include the traditional “ump and dump” stock-manipulation spam, plus spam for a variety of products. Cybercriminals have become so good at it that they use phishing to fool customers into going to a fake pharmaceutical site and actually fulfill orders for drugs so they can get repeat business. Patrick Peterson of Cisco’s IronPort division said this means the cybercriminals have a back-end ecosystem that takes orders, boxes up pills (which may or may not be the pills that the customer ordered) and sends a physical order to the customer.
