Gone are the days when internet users had to
visit intentionally malicious sites or open malicious email
attachments to become a victim of a security breach. Today, warns US
internet security company Symantec, hackers are compromising
legitimate, trusted websites and using them as a distribution
medium to attack home and business computers. Symantec’s warning is
based on data collected by millions of internet sensors, first-hand
research and active monitoring of hacker communications
worldwide.
In particular, stressed Symantec, criminals are
exploiting website-specific vulnerabilities that can be used as a
means for launching other attacks. This is commonly referred to as
cross-site scripting and, in essence, allows criminals to intercept
data flows between an online customer and a legitimate service
provider and inject malicious code into the service provider’s
server, thus compromising all users of its website.
Symantec reported that 11,253 site-specific cross-site scripting
vulnerabilities had been detected in the second half of 2007, up
from 6,961 in the first half of 2007. Not only was the significant
increase of concern, but only 473 (4 percent) had been patched by
the administrator of the affected website during the second half of
2007. This, stressed Symantec, represents “an enormous window of
opportunity for hackers looking to launch attacks.”
In parallel to the surge in cross-site
scripting, Symantec’s research revealed a massive increase in the
number of new malicious codes in the second half of 2007. During
that period Symantec detected 499,881 new malicious code threats,
up from 212,101 in the first half of 2007. Symantec said it had
recorded a total of 1.12 million malicious codes as of the end of
2007. From the banking industry’s perspective, Symantec reported
that of all the malicious codes the Silentbanker Trojan is the most
significant.
Symantec explained that Silentbanker can be used to steal a user’s
online banking credentials by diverting legitimate transactions,
and that it then modifies information on the transaction summary
web page a bank displays to the user. This fools the user into
thinking the transaction has been successfully completed.
In addition, Symantec noted Silentbanker has
the ability to intercept secure communications and bypass
two-factor authentication and, overall, has the characteristics of
a malicious code most likely created by criminals with advanced
programming skills.
“Since Silentbanker targets over 400 different
online banking websites, it is likely the attackers are attempting
to maximise the financial return for the time and skill invested in
creating the Trojan,” added Symantec.
Though malicious codes are a fast-growing
threat, attempts to acquire sensitive information via email, or
phishing, remain a problem. In the second half of 2007, Symantec
observed 87,963 phishing host computers that can host one or more
phishing websites. This was up 167 percent compared with the first
half of 2007. During the second half of 2007, 80 percent of brands
targeted by phishing attacks were in the financial sector.
Criminals’ efforts have created a thriving
trade in stolen information. In this underground market Symantec
noted bank account details were most frequently advertised in the
second half of 2007, making up 22 percent of all goods and sold for
as little as $10.
Credit card information, added Symantec, was
“plentiful” and accounted for 13 percent of advertised goods,
selling for just $0.40.