Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


THE YEAR HACKING BECAME A BUSINESS

Source: Australian IT

Posted on February 1, 2007

      It was the year when cyber-criminals targeted everything from MySpace to Wikipedia, and even a website maintained by a local boy scout troop wasn't safe.

      Computer security experts say 2006 was also the year hacking stopped being a hobby and became a lucrative profession practiced by an underground of computer software developers and sellers.

      Like true business people, hackers not only broadened their reach by attacking popular social networking sites, but they also diversified their product line by launching attacks through popular software applications such as PowerPoint and Adobe Reader.

      Software makers who try to stop online crooks say they are bracing for a new level of nastiness in 2007, including malicious websites that are booby-trapped with software that automatically loads itself to machines of users who just visit a site.

      "Hackers realise they have a limited time before their attacks are blocked, so they are opening up their arsenal and trying everything possible," says Yuval Ben-Itzhak, chief technology officer of Finjan Software, a San Jose internet security company.

      Alex Eckelberry, president of Sunbelt Software, predicts attackers will target Windows Vista, Microsoft's new operating system. "The problem is Microsoft has thrown down the gauntlet and said it has a secure operating system," he says.

      Eckelberry, whose company is developing software for Vista, says his developers have already found bugs, indicating that the software could be vulnerable.

Microsoft has already acknowledged one Vista flaw.

      Meanwhile, criminals have begun peddling information about Vista's vulnerabilities.Other scams include combining a traditional pump-and- dump stock scam with the takeover of online brokerage accounts and renting out vast networks of zombie computers to digital desperadoes.

      "The first viruses were nothing but mischief," Webroot Software chief David Moll says. "Now that there is money to be made it has changed the game entirely."

      A recent report from Websense, a San Diego computer security company, says cybercriminals are now more creative, organised and business-smart.

      "True companies have emerged, producing and selling toolkits and developing business-partner programs that enable less-technical, traditional criminals to steal data and make money -- lots of it." It used to be that the biggest cyberthreats came from emails infected with pernicious worms and viruses. No longer.

      Finjan's Ben-Itzhak says the web is spreading infections, thanks to tens of thousands of sites carrying code designed to let an outsider steal information.

      Some of the code is designed so that it automatically downloads itself the minute a user accesses a web page.

      Other sites prompt a user to accept what seems to be legitimate software but is actually a malicious program.

      In 2006, some MySpace users who had forgotten to patch their computers were infected by a banner ad that silently installed spyware on their computers, according to iDefense Labs, a division of VeriSign.

      According to Websense, in the first half of 2006 there was a 100 per cent increase in sites designed to install forms of crimeware that could log keystrokes or record information entered into online forms. Altogether, Websense counted 16,663 sites that carried code for stealing passwords, including banking passwords, during that period.

      Microsoft's security team, which has one of the most comprehensive sets of data on security risks, says it removed 10 million pieces of malicious software from almost four million computers in the first six months of 2006.

      The technique of creating deceptive websites is known as phishing. The AntiPhishing Working Group says the number of phishing sites reported to the coalition increased 70 per cent to 26,877 in October, compared with 15,820 in October 2005.

      Booby-trapped sites turn up in search results. A recent study by Californian security software maker McAfee found one in about 1000 websites appearing in popular search results carried code designed to attack someone's computer.

      McAfee provides a free Site Advisor software plug-in that alerts users about potentially dangerous sites.

      In addition, in early November, Google started warning users who clicked on search results that it believed could be dangerous. In an explanatory note posted in its web search help centre, Google said the sites it flagged could carry software that could "delete data on your computer, steal personal information such as passwords and credit card numbers, or alter your search results".




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.