Total Members: 14176
Posted by: Amker
« on: 22. September 2007., 21:21:55 »September 21, 2007 (Reuters) -- A few weeks ago Candace Locklear's office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.
She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.
It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she's still not convinced that all's clear.
"I'd like to think that it's gone. But I just don't know," said Locklear, 40, a publicist in San Francisco. "That's what is so frustrating."
Computer security experts estimate that tens of millions of PCs are infected with malicious programs like the one that attacked Locklear's machine. Such software, generally classified as malware, attack companies along with consumers.
Some programs are keyloggers, which record every keystroke that the user enters and sends valuable bank account information, passwords and credit card numbers to hackers.
In July, hackers used keylogging software to gather passwords to databases at the U.S. Department of Transportation, consulting firm Booz Allen Hamilton Inc., Hewlett-Packard Co. and satellite network company Hughes Network Systems LLC, according to British Internet security software maker Prevx Inc.
And other malware programs turn PCs into so-called zombies, literally giving hackers full control over the machines. The zombies can be instructed to act as servers, sending out tens of thousands of spam e-mails promoting counterfeit medications, luxury watches or penny stocks without the PC owner ever knowing about it.
The computer that controls the zombies -- known as the command and control center -- is able to change the text of the spam depending on what his customer wants to sell.
Monster Worldwide Inc. said last month that confidential contact information of millions of its job seekers was stolen by criminals who used zombies. Contact data for 146,000 job seekers using the official U.S. government jobs Web site was also taken.
Monster said it would beef up its security, but even with enhanced protection, there are no guarantees.
Security experts say that while companies and consumers need to be vigilant to protect themselves against Internet-borne threats, determined criminals are hard to beat.
"I hate to scare people, but there is never 100% [security]," says Gadi Evron, a researcher at Internet security firm Beyond Security Inc. "If you want to know for sure, never do anything with your computer and never connect to the Internet."
Evron has organized conferences between government and industry researchers to fight hackers who set up botnets, or networks of millions of zombies. He said the picture painted by some presenters was depressing.
"The problems are not getting solved. They are getting worse," he said. "The bad guys are making a lot of money."
Still, he and other security experts recommend that PC users take basic precautions, including installing up-to-date security software, keeping current with updates that software providers distribute over the Web and backing up files.
There's a wide range of PC security software available, including BitDefender, Check Point Software Technologies Ltd.'s ZoneAlarm and Symantec Corp.'s Norton Security, as well as products that have been recently updated or are about to be introduced by CA Inc., F-Secure Corp., Kaspersky Lab, McAfee Inc., Microsoft Corp., Prevx and Trend Micro Inc.
More important than security software, users need to monitor their own behavior. The bulk of malware is installed on computers by users who either click on a Web link or on a file that is attached to an e-mail or instant message.
PC users can greatly reduce the risk of infection by only visiting familiar Web sites and avoiding unknown attachments.
"You won't know you are infected until one day your ISP turns you off or restricts access, or money starts disappearing from your bank account," said Adam O'Donnell, a senior research scientist at Cloudmark Inc., which sells antispam software.
(Copyright by Computerworld)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9038180&taxonomyId=17&intsrc=kc_top
She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.
It took eight hours for a technician to clean up her computer. But because the malicious software worked so secretly, she's still not convinced that all's clear.
"I'd like to think that it's gone. But I just don't know," said Locklear, 40, a publicist in San Francisco. "That's what is so frustrating."
Computer security experts estimate that tens of millions of PCs are infected with malicious programs like the one that attacked Locklear's machine. Such software, generally classified as malware, attack companies along with consumers.
Some programs are keyloggers, which record every keystroke that the user enters and sends valuable bank account information, passwords and credit card numbers to hackers.
In July, hackers used keylogging software to gather passwords to databases at the U.S. Department of Transportation, consulting firm Booz Allen Hamilton Inc., Hewlett-Packard Co. and satellite network company Hughes Network Systems LLC, according to British Internet security software maker Prevx Inc.
And other malware programs turn PCs into so-called zombies, literally giving hackers full control over the machines. The zombies can be instructed to act as servers, sending out tens of thousands of spam e-mails promoting counterfeit medications, luxury watches or penny stocks without the PC owner ever knowing about it.
The computer that controls the zombies -- known as the command and control center -- is able to change the text of the spam depending on what his customer wants to sell.
Monster Worldwide Inc. said last month that confidential contact information of millions of its job seekers was stolen by criminals who used zombies. Contact data for 146,000 job seekers using the official U.S. government jobs Web site was also taken.
Monster said it would beef up its security, but even with enhanced protection, there are no guarantees.
Security experts say that while companies and consumers need to be vigilant to protect themselves against Internet-borne threats, determined criminals are hard to beat.
"I hate to scare people, but there is never 100% [security]," says Gadi Evron, a researcher at Internet security firm Beyond Security Inc. "If you want to know for sure, never do anything with your computer and never connect to the Internet."
Evron has organized conferences between government and industry researchers to fight hackers who set up botnets, or networks of millions of zombies. He said the picture painted by some presenters was depressing.
"The problems are not getting solved. They are getting worse," he said. "The bad guys are making a lot of money."
Still, he and other security experts recommend that PC users take basic precautions, including installing up-to-date security software, keeping current with updates that software providers distribute over the Web and backing up files.
There's a wide range of PC security software available, including BitDefender, Check Point Software Technologies Ltd.'s ZoneAlarm and Symantec Corp.'s Norton Security, as well as products that have been recently updated or are about to be introduced by CA Inc., F-Secure Corp., Kaspersky Lab, McAfee Inc., Microsoft Corp., Prevx and Trend Micro Inc.
More important than security software, users need to monitor their own behavior. The bulk of malware is installed on computers by users who either click on a Web link or on a file that is attached to an e-mail or instant message.
PC users can greatly reduce the risk of infection by only visiting familiar Web sites and avoiding unknown attachments.
"You won't know you are infected until one day your ISP turns you off or restricts access, or money starts disappearing from your bank account," said Adam O'Donnell, a senior research scientist at Cloudmark Inc., which sells antispam software.
(Copyright by Computerworld)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9038180&taxonomyId=17&intsrc=kc_top