Criminal hackers reach beyond Windows and IE

Robert Vamosi CNET

Published: 22 Mar 2005

• 
• 
• 
• 
• 

Like cockroaches that you stop at a hole in the wall only to have them reappear under the door, criminal hackers are finding new and better ways to compromise your computer and electronic devices. So concludes a new Internet Security Threat Report, based on data collected at Symantec's Security Response facilities worldwide. The report is one company's snapshot of malicious Internet activity during the last six months of 2004.

I asked David Cole, director of product management for Symantec Security Response, to use the information uncovered in the report (more than 70 pages long) to talk about what he's already seeing in 2005. In our conversation, he covered trends such as the discovery and exploitation of flaws in non-Internet Explorer browsers and non-Windows operating systems and the recent reach by criminal hackers (crackers) into non-desktop computer systems such as handhelds and smartphones.

Mixed news
The good news, says Cole, is that today, companies are much better at defending their network perimeters than they were a few years ago. Traditional Internet attacks are down. Unfortunately, attackers are opportunistic and are now going after end users -- employees who log in from home or while on the road. Since companies are doing a good job protecting their email systems -- either at the gateway with corporate defences or on desktops with antivirus programs -- virus writers are frequently frustrated and have begun targeting instant messaging (IM) applications, Internet Relay Chat (IRC) and peer-to-peer networks (P2P) in addition to email. Symantec reported threats related to P2P, IM, IRC and CIFS (Common Internet File System) make up 50 percent of its top 50 threat submissions, up from 32 percent covering the same period a year earlier.

Browsers beware
But viruses and worms aren't the only Internet threats. Phishing scams, spyware, and now pharming attacks are becoming more common. By now, most of us know that Microsoft's Internet Explorer harbours many security vulnerabilities. So as people move away from IE (now below 90 percent usage), attackers are turning their attention to Mozilla and other Internet browsers, according to Symantec.

An example might be what crackers have done with the vulnerability found in Internationalized Domain Names (IDN) that affects most non-IE browsers. IDN renders specialised character sets such as non-English domain names in a standardised way using Unicode characters, a standard that attempts to assign a unique computer number for every computer character, no matter the platform or the language set used. The IDN standard allows foreign companies to register domain names in different languages; however, criminal hackers have discovered that they can use this loophole to fool end users onto their phishing sites by substituting specific letters from alternative character sets.

Oddly, IE does not support IDN (although rumours suggest the upcoming Windows XP-only IE 7 will support IDN). Mozilla and Firefox have since patched their IDN flaw.

But if you thought that IE would be a safer browser as a result of recent attention to non-IE browsers, you'd be wrong. Cole said that while there were a greater number of vulnerabilities reported in Mozilla during the last half of 2004, Symantec found that the most severe vulnerabilities still reside within Internet Explorer. Of the 13 Internet Explorer vulnerabilities rated by Symantec from June to December 2004, 9 were considered 'high'.

Other OSs under attack
The Symantec report also predicts that crackers will become more interested in Macs during 2005, specifically mentioning sales of low-priced Mac minis. As more casual, less technical, users adopt Macs, expect to hear more about vulnerabilities exposed within the Mac OS, which is based on the Unix system. Other security companies are seeing an increase in Mac flaws. For example, security company Secunia also saw an increase in reported Mac OS flaws during 2004.

Other electronic devices under attack
As more people leave their desktops and start accessing the Internet via mobile devices, so too do the crackers. Last summer, someone released the Cabir worm, designed to infect Symbian OS-equipped Nokia series 60 smartphones. Since the start of this year, the Cabir worm has been reported in nearly two dozen countries, including the United States. Cole says these attacks will continue to grow as Bluetooth and smartphone adoption sets in. In fact, crackers recently launched CommWarrior, a smartphone-enabled virus that is able to infect either Bluetooth systems or those using Multimedia Messaging Service (MMS). We can expect hybrid or multi-platform worms to remain the norm with mobile technology devices.

All is not lost
What's fuelling the spread of Internet threats to other platforms? Money. As I wrote during the Sobig virus attacks in 2003, spammers and perhaps organised crime are now paying virus writers to push the limits and infect as many systems as they can. But that's good. We've moved from a strictly ego-fuelled virus culture to one where the tools of law enforcement work best. Instead of finding a random, rogue programmer, law enforcement officials are following the money, and they're making some major busts against cybercrime.

As you adopt new technology, stop and think about the possible security pros and cons. Just because someone hasn't written a devastating worm to hit the Mac OS platform doesn't mean it won't happen. Same with your Nokia smartphone. Proceed with caution. If we've been successful in frustrating crackers by having antivirus and firewall solutions on our desktops, I think there's a chance we'll also prevail in these other areas as well.

• 
• 
• 
•