| The time when worms and viruses were a top priority | | | | Sancho, an antivirus engineer at security company |
| of IT are long behind us. Botnets and phishing attacks | | | | Trend Micro. David pointed out an attack in Germany |
| now dominate the webscape and new variations are | | | | which claimed to be from a power company and |
| emerging daily.Botnets: | | | | asked the recipients to click on an attached file that |
| To give you an idea on how prevalent this threat is | | | | appeared to be a PDF document, which is a file type |
| becoming, Zombie Master Jeanson Ancheta pleaded | | | | that the power company uses for paperless billing. In |
| guilty to seizing control of hundreds of thousands of | | | | actuality, the file had a .pdf.exe extension and installed |
| Internet-connected computers and renting the zombie | | | | a Trojan on the user's computer when it was |
| network to people who used it to send out spam. | | | | executed.The Trojan then monitored the user's Internet |
| Keep in mind that this "Zombie Network" included | | | | activity (Web pages and online banking access), and |
| computers at the Weapons Division of the U.S. Naval | | | | sent this information to the Trojan's creator. "It is |
| Air Warfare Center in China Lake, California, and at | | | | smarter, because they (the Internet criminals) don't |
| the U.S. Department of Defense.Ancheta admitted that | | | | have to set up a fake server,", said David.According to |
| the scam netted him over $60,000 over 14 months | | | | Mikko Hypponen, Chief Research Officer at F-Secure. |
| before it was detected. This mindset, motivated by | | | | "The bad boys are getting more professional and |
| money and working in the background, is typical of the | | | | doing more targeted attacks."Though Windows PCs |
| new generation of Internet criminals. The spyware | | | | remain the primary target for attacks, prepare to see |
| they surreptitiously plant on an unsuspecting user's | | | | more sophisticated Botnets and phishing attacks, as |
| computer leaves a very small footprint (barely | | | | well as attacks targeting cell phones and RSS News |
| detectable) and worka as a "Slave" to a remote | | | | Feeds.The Solution |
| "Master". The End user usually isn't aware that their | | | | These attacks are major problems that cannot be |
| personal computer or workstation has been "hijacked" | | | | easily resolved, because the target PCs are primarily |
| as the computer continues to function, perhaps a little | | | | home computers and corporate networks connected |
| slower."Botnets", also known as Bot Networks, are | | | | to an ADSL line. According to Hypponen "It takes a lot |
| masses of hijacked computers, sometimes numbering | | | | of end-user support to explain to a grandmother how |
| in the hundreds of thousands as was the case with | | | | to configure the computer. So most ISPs are not doing |
| Ancheta who admitted to directing more than 400,000 | | | | anything about it".For networked environments, there |
| computers. Industry research indicates that almost | | | | are several alternatives that can be implemented at |
| 200,000 computers become zombies EVERYDAY | | | | your network's perimeter to mitigate the security risk. If |
| and that figure is steadily rising (Source: | | | | you believe your personal computer or organization's |
| CipherTrust).Historically, Botnets were used to launch | | | | network may be at risk, please consult a PC expert or |
| DDoS (Distributed Denial of Service attacks) on | | | | corporate information security consulting firm for |
| websites. A disturbing new trend developed by this | | | | immediate assistance.Ray Fuller is the Founder, and a |
| generation of Internet criminals is to rent their networks | | | | Principal, of ZoneCast, Incorporated provides |
| to those who want to launch cheap mass email | | | | Corporate Information Security and Business Continuity |
| campaigns (also known as Spam) or to extortionists to | | | | Services. Ray has over twenty-one years of |
| launch DDoS attacks on legitimate websites. Botnets | | | | experience in a variety of technology fields related to |
| pose an even more insidious threat. According to | | | | corporate information security, disaster recovery |
| Dave Rand, Chief Technologist at Trend Micro, their | | | | planning and business continuity management. |
| combined computing power could be used to decrypt | | | | |
| Internet traffic. If that were to happen (and thankfully | | | | Since its inception, ZoneCast has successfully |
| there is no sign of it yet), it could bring e-commerce to | | | | completed numerous consulting engagements in |
| a grinding halt.Phishing Expeditions: | | | | corporate information security, business continuity |
| Industry experts state that phishing attacks will grow | | | | management and disaster recovery planning for |
| in frequency and sophistication over time. This trend is | | | | companies representing a diverse array of industries in |
| already developing at a fast pace as pointed by David | | | | several countries. |