JANUARY 23, 2006

Eight Tech Trends for 2006
By Brian Grow

Coming to Your PC's Back Door: Trojans


These slick cyberattacks take aim at specific recipients to get past firewalls and gather sensitive data. And they're on the increase


It was a stealth cyberattack. Last Nov. 18, an e-mail with a nefarious purpose was dispatched from an Internet address in the Tianjin province of China. The targets: individual employees of the U.S. and European military and pharmaceutical, petrochemical, and legal companies, according to e-mail security firm MessageLabs.

Attached was an apparently innocuous Microsoft Word document with a news story from CNN. And it was designed to look like it came from a trustworthy source. The sender was listed as copyrightagent@turner.com, suggesting that the host was Turner Broadcasting System, CNN's parent company and a unit of entertainment conglomerate Time Warner (TWX).

INFILTRATING COMPANIES. But this was no Headline News report. It was a cyber-assault called a trojan, or malicious code, embedded in what appears to be a harmless file. In this case, it was a particularly insidious variety known as a targeted trojan because it was directed at a specific recipient -- intended to infect the computer networks of American companies.

When opened, the Word document could have become a ticking time bomb. Buried inside was special code that would allow hackers to take remote control of each employee's PC. Then, working from inside the corporate networks, the hackers could steal corporate secrets or use the compromised computers to send spam and viruses. The scam was caught by MessageLabs' e-mail filtering system. But, says Alex Shipp, MessageLabs' senior antivirus technologist, "these types of attacks have grown."

Home computers and corporate networks are already bombarded by unwanted -- but often obvious -- waves of spam, phishing e-mails, viruses, and worms. In 2006, computer-security experts say, those attacks will grow more slick and secretive. Hackers are conducting in-depth research on security networks at big companies and developing job profiles of individual workers, experts say.

MORE SOPHISTICATED. The intent is to write malware that bypasses basic defenses, then appeals to the personal interests of users to induce them to open documents or click on links that load malicious code. One targeted trojan aimed at a transportation company -- and caught by a security firm late last year -- was even designed to look like a request for proposal, or RFP, from a potential client.

"We expect to see the sophistication level of attacks going up" in 2006, says Neel Mehta, team leader of the X-Force Advanced Research Group at Atlanta-based Internet Security Systems (ISSX).

Why the added stealth? The front doors to PCs and corporate networks -- their e-mail systems and Web sites -- are often locked down by antivirus software, firewalls, and e-mail filtering systems. Companies and individuals spent $18 billion on computer-security hardware and software in 2005, up 19.2% from 2004, according to research firm IDC. A December report by America Online and the National Cyber Security Alliance shows more than 81% of home-computer users have antivirus software installed on their PCs.

MILLIONS OF MACHINES. Moreover, most big companies now deliver regular, often automated, security updates to patch holes in corporate networks. "We're fighting back," says Chad Kinzelberg, a vice-president in VeriSign's (VRSN) security-services division.

With the front door bolted, hackers hunt for new ways into PCs. Targeted trojans are key because they bypass most antivirus software and entice the recipient to believe the e-mail transmitting the trojan is legitimate. The damage spreads because once a PC is infected with remote-control software, becoming what's known as a Zombie, it often remains undetected by users. Then, it can be harnessed to vast networks of infected machines, creating a powerful system of hacker-owned PCs called BotNets that spew more malicious code.

According to Paul Judge, chief technology officer at messaging-security firm CipherTrust, 250,000 new Zombie PCs become active each day. Judge estimates 50% of his company's 1,800 clients have PCs unwittingly sending unauthorized e-mail, viruses, or worms. "We're talking not tens of thousands of machines, but tens of millions of machines that owners do not have control over," he says. "Now, someone has their fingers behind the gate of your organization."

VoIP VULNERABILITIES. Money is also driving the trend toward stealth attacks. Hacking is no longer the domain of geeky kids seeking fame and notoriety. Instead, according to law-enforcement officials, hackers have hooked up with organized crime in a bid to steal identities, bank account data, and credit card numbers for financial gain (see BW Online, 11/22/05, "Viruses Get Smarter -- and Greedy").

Last December, security firm Cyveillance detected a targeted trojan contained in an e-mail sent to chief executives and chief financial officers of U.S. credit unions. In part, its pitch read: "I recently came across this credit union: http://www.wrdcu.org that is affiliated with your organization. They claim to have higher interest rates than any other federal credit union." When recipients clicked the link, they were transferred to a Web site that downloaded malware able to steal log-on information. "We are seeing more targeted attacks that profile a specific group with tailored scams designed to inflict great harm," says James Brooks, senior product manager at Cyveillance.

The tough task of closing back doors will be compounded, say security experts, by new -- and less secure -- gizmos from Voice over Internet Protocol telephone systems to iPods. Mehta at ISS says VoIP, in particular, will harbor an emerging threat. The reason: Web-based phone technology contains substantial security flaws, says Mehta, citing ISS research that has yet to be released. As the popularity of VoIP calling grows, hackers are sure to exploit the vulnerabilities (see BW Online, 11/28/05, "VoIP Providers: Heeding the Call?").

HAWKING THE DATA. "VoIP is reaching the critical mass where it is widely deployed," says Mehta. The same "critical mass" theory applies to iPods and mobile phones. In January, four vulnerabilities were detected in Apple's QuickTime software used to download songs and videos to iPods.

And mobile-phone worms such as CommWarrior, which hit cell phones in Europe last year, are gaining steam (see BW Online, 1/05/06, "Mobile Viruses: If Not Now, Soon"). "A little bit of success is like blood in the water for sharks," says Mehta.

With terabytes of vital data now stored on PCs, the returns for stealing it -- and the financial rewards for devising methods to carry out the attacks -- are on the rise. Underground Web sites hawk thousands of identities and bank account and credit card numbers each day. At one cyber-crime trading site, cc-cards, a recent going rate for a U.S. individual's entire identity, complete with mother's maiden name and Social Security number, was $13.

"NOBODY IS LOOKING." One hacker offered U.S. credit card numbers with three-digit security codes for 5 cents each and a 20% discount for orders of 1,000 or more. Such sites are already destination points for the sale of malicious code used to crack into PCs and could soon be used to cash in on stolen corporate intelligence, too.

Last June, MessageLabs detected a trojan aimed at employees of U.S., British, and Hong Kong military-related organizations. The hook: a bogus Times of India news story purportedly about China's new JL-2 missile, a submarine-launched nuclear weapon. The trojan, which was unsuccessful, was undetectable by antivirus software and could remain hidden on PCs for several months.

"They have defenses for things coming in the front door, but nobody is looking at what's going out the back door," CipherTrust's Judge says. It's the type of stealthy hacker attack that computer-security experts fret could have devastating impact in 2006.


McGraw-Hill Cos.
Copyright 2000- 2008 by The McGraw-Hill Companies Inc.
All rights reserved.