Tuesday, February 20, 2007

Experts see growing cyber crime threat

By Betsy Mason
CONTRA COSTA TIMES

It is frighteningly easy to surf into a bad Internet neighborhood and get your pocket picked. It could be hours, days or more before you notice anything has been stolen, and by then your bank account has been emptied and your identity stolen.

A new breed of cyber crooks is making organized, sophisticated and lucrative attacks on consumers that are increasingly difficult to detect and defend against. Computer security experts met this weekend at the annual meeting of the American Association for the Advancement of Science to discuss the malicious software being used, known as malware or crimeware.

"It's been creeping up on us, but now it has become such an overwhelming threat that technical people who are aware of it must alert the general public about all that could go wrong and how it could go wrong," said Markus Jakobsson of Indiana University in Bloomington.

The goal of most malware is to steal something, either by tricking users into handing it over or by secretly taking it without being noticed.

"These are things that are operating on your computer, you don't know about them, and it is benefiting someone else," said security researcher Aaron Emigh of Radix Labs in Incline Village, Nev.

Some common types of malware include: key loggers and screen loggers that capture usernames and passwords when you type them in; e-mail and instant messaging redirectors that steal data as it is transmitted; Web Trojans that pop up as an identical-looking page in front of the one you are visiting to get personal information you enter; session hijackers that grab control of an Internet banking session, switch their own transaction for the one you confirmed and divert money to another account; and data stealers that scan for useful data and transmit it to another computer.

Malware can get onto your computer in different ways. Some rely on a technique known as "phishing," in which you receive an e-mail with an attachment that claims to be information from your bank, steamy photos of celebrities or perhaps a funny video but that actually is malware that installs itself when it is opened.

Malware can piggyback on another piece of software that is downloaded from the Internet and claims to perform some other purpose. Malicious software can also be put on a thumb drive and install itself automatically when the drive is plugged in.

Legitimate Web sites with user-generated content, such as a review site, blog or online auction site, provide opportunities for malware to be injected onto the site and unwittingly downloaded.

A new avenue for malware has recently been identified that can affect anyone with an Internet router at home. Most people who buy routers aren't aware they come with a default password needed to change the router's settings. Default passwords are often easy to figure out, such as "password" or consecutive numbers. An attacker can use them to change the settings.

This is known as "pharming." The attacker alters your router so when you type in an Internet address on a browser or click on a link to a well-known site, your request is sent to their own server, not to a directory server. The attacker's server then sends you to a Web site that appears to be the one you wanted but sends any information you enter to the attacker rather than to your bank or online merchant.

There are no known pharming cases, but the practice could potentially affect about half of the 60 million Americans who use routers and haven't changed the default password, said security researcher Zulfikar Ramzan of Symantec in Cupertino.

"All they have to do to be a victim is look at a Web page, just look at it," Ramzan said. "And that to me is very scary because a lot of people could potentially be affected."

Fortunately, that can easily be avoided by changing the router password.

But it is more difficult to protect against many other malware attacks, because users don't know what to watch out for and because some malicious software can't be easily detected. Antivirus protection can help, but malware mutates so quickly that it is hard for computer security companies to keep up.

So what can the average computer user do beyond installing a robust antivirus package? It's not possible to eliminate all threats, but they can be greatly reduced by taking a few important steps and exercising "Internet street smarts," Ramzan said:

Be careful with Internet attachments and links. Don't open those you weren't expecting and don't need and those whose source you don't know. If you aren't sure of a link, type the address directly into your Web browser; by not clicking on the link, you avoid being sent to an impostor Web site.

Set your computer to automatically download and install updates and patches for the operating system.

Don't use the same password for everything. Instead of trying to memorize a long list of passwords, try memorizing a password system that can easily assign a unique password to each site you visit. For example, use a common root that is easy to remember, then tack on "cb," for example, for Citibank and the numbers that correspond to those letters, in this case 3 and 2.

Don't download free software. It can be disguised malware. Some free software claiming to be antispyware is really malware that disables your computer's defenses, making it more vulnerable.

Don't surf the Web or download software from an administrator account. Most computers allow you to set up several user accounts and designate whether or not they have administrator privileges, which allow users to download and install software. Turn off administrator capability on your main account. Set up a new administrator account to download legitimate software or security patches.

For details on Internet security and malware, visit www.antiphishing.org

Reach Betsy Mason at bmason@cctimes.com or 925-847-2158.

URL: http://www.mercurynews.com/mld/mercurynews/news/breaking_news/16736901.htm
