New blends of email threats. (Security).

Email-borne threats continue to evolve and have started to combine in new and dangerous ways. Traditional distinctions are becoming increasingly blurred between different kinds of malicious code or 'malware' (viruses, worms, spam, trojans, adware and spyware). Recent developments challenge antivirus companies both to counter new technical obstacles and to navigate potential legal minefields. Malware writers are turning to new 'social engineering' tricks to entice unwary users to assist unwittingly in the spread of their delinquent handiwork. The following feature categorises the developments in a variety of areas.

The Evolving Boundaries of Spam

The spam nuisance - unsolicited, sometimes commercial, often fraudulent email (the electronic equivalent of paper junk mail) - continues to grow relentlessly. Virus writers have come to recognise the advantages spamming techniques can offer in the release or 'seeding' of new worms, and with increasing regularity use such techniques to get them off to a flying start. Not only have they adopted the technical ploys of the spammer to hide their tracks, they have started to disguise their wares as relatively harmless spam. Conversely, the spammers have also learned from the virus writers. For example, and 'FriendGreetings' evolves from spam to Internet worm, using exactly the same technical mass mailing method as the Melissa virus.
Beware the Seasonal Electronic Greetings Card

Electronic greetings cards have been used in novel ways recently, as an adjunct to spam, spreading in a worm-like fashion and also as a means of infiltrating Trojans onto the desktop. E-cards are becoming the latest preferred social engineering trick and as festive seasons approach they should be treated with caution: a few nasty surprise gifts may be in store.

Spam becomes Adware

The first malicious use of the E-card approach has been dubbed "Cytron" after the Canadian-based pornographers Cytron Communication Ltd who pioneered the trick. Cytron arrives as spammed email, ostensibly as an electronic greetings card with a fake return address - egreetings at yahoo.com. A smiley face and the promise of a personal e-greeting often entice the recipient to click on an envelope graphic which takes them to surprisecards.net. The user then has to agree to download software in order to be able to read the card.

The victim never gets to read their greeting card. Later comes the surprise, and a rather nasty one at that - a Trojan Horse. As well as a harmless card reader, they also download a Browser Helper Object (BHO).
In the ThreatLab, we researched the malware potential of BHOs in early 2001 and reported our serious concerns to Microsoft Security. The BHO problem has finally arrived in the real world with Cytron.

Your Browser's Little Helper
What, the reader may ask, is a BHO? A Browser Helper Object is software that may be 'registered' in Windows as an extension to Microsoft Internet Explorer. Once registered as a BHO, it can intercept all of IE's events and access most of the properties of IE's 'Document' object model. Translating into layman's terms, it can watch over your shoulder as you browse the web, so as to enhance the surfing experience in any number of interesting ways.

Cytron 'enhances' your browsing experience in a very specific way: it scans web pages you visit for keywords. It is designed to identify people who are possibly in the market for pornography. The idea is to boost market share by drawing customers away from the competition.

Automated keyword filtering software must be designed with great care if crude false positives are to be avoided. Recent research suggests that perhaps Cytron Communications are less than diligent about false positives. Browsing a report in USA Today about the constitutional issues relating to pornography triggered a pop-up graphic advertising a gay men's adult site. Similarly, a visit to a Christian site promoting a video entitled "Pornography: the Tragedy Exposed" caused the BHO to spawn another of Cytron's graphic ads, this time for a site featuring the "nets [sic] youngest women online".

Apart from the potential unwanted intrusion of such unsavoury material into the home, in the workplace this could result in an unfortunate victim appearing to persistently flout company policy on Internet usage, possibly leading to disciplinary action. It would be an astute technical sleuth who could correctly pinpoint the cause to an insidious BHO.

Your Browser's Little Thief?

Cytron has been categorised variously as spam, trojan horse, spyware and pornography adware. The real import lies in the debut of not only the E-card scam, but more so the BHO. No longer does the attacker depend on well-known techniques to launch automatically when Windows starts. Instead, the BHO springs into operation whenever Internet Explorer runs.

Malware writers can be expected to learn from Cytron and apply this new technique. BHOs can be deployed in stealth malware to assist in mounting a number of pernicious kinds of attacks. Most notably, a BHO can identify, with relative ease, any passwords as these are input to web pages and grab copies. The future scope for fraud is very significant and certain web security measures may need to be reconsidered, particularly with regard to financial applications and Internet banking.

Legal Remedies?

The CEO of Cytron Communications Ltd reportedly defended their E-card scam by pointing out that he could name "a hundred different companies, publicly-traded companies, that are doing far worse".
Perhaps so, but their days may be numbered, if an ongoing class action succeeds against Netscape and AOL, in connection with the Real Networks spyware. On October 1st 2001, Netscape/AOL lost an important appeal before the New York Second Circuit court, paving the way for a judgement on the question of their spyware violating the Electronic Communications and Computer Fraud and Abuse Acts. On the other hand, the unscrupulous would simply move their operations to an unaffected jurisdiction.

Spam evolves into Worm

Another recent E-card scam has been labelled FriendGreetings, after one of the web sites belonging to Permissioned Media Inc. 'Permission' is the operative word, because failure to read the small print can make all the difference. Initially, distribution involved spamming, but for the main part the E-card has been propagated widely with the unwitting sanction of ordinary users.

A user receives the greeting card announcement usually from someone they know and possibly trust. It arrives as apparently personalised email with the subject "[Recipient] you have received a greeting card from [Sender]".

Sample Friend Greetings card.

The potential victim is invited to one of the FriendGreetings websites to download a reader program in order to accept the greeting card. In the process of doing so the user has to supposedly read and confirm consent to the conditions of not one, but two, end user licence agreements. In reality the vast majority of hapless users click through this without a second thought.
The card reader presents their greeting card and silently emails the same announcement they received initially to everyone in the Outlook Address Book. But they agreed to the small print of the EULA (twice). Furthermore, the chances are high that some of the members listed in the address book may conclude that they have been sent a virus.

Some Antivirus Companies Fight Shy

Unlike Cytron, which is clearly a trojan and detected as such, FriendGreetings has received a mixed reception amongst the antivirus community. Despite the fact that it mass mails using the same method as the Melissa worm, some antivirus vendors allow it to pass unmolested. Why? Such reticence stems from the fact that the scam, although employing unscrupulous social engineering, rests arguably just on the right side of the law.

And then there's the small matter of which law? Failure to read the small print means the user has also agreed implicitly to be bound by the software laws of the Republic of Panama and any dispute 'shall be settled by binding arbitration in accordance with the rules of the Panamanian Arbitration Association'. Caveat emptor!

The Mother of All Spyware

A third recent variation on the E-card approach has been deployed by Email P.I., an unashamed example of commercial trojan spyware. This is "the mother of all spy programs" boasts marketing material at the Email P.I. site.

Romantic 'Private Investigator' greeting card

The site offers a selection of five different E-cards - romantic, joke and others - with which to ensnare your victim. The main purpose of the spyware is to maintain a suspected unfaithful spouse under observation.
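
The BHO registration described under "Your Browser's Little Helper" leaves a trace that an administrator can audit. The following is an added example, not part of the original article: it reads a registry export and lists every registered BHO with the DLL Internet Explorer would load, marking any that are not on an approved list. The registry locations are the standard Windows ones (BHO CLSIDs under Explorer\Browser Helper Objects, DLL paths under CLSID\{...}\InprocServer32); the sample export, CLSIDs, names, paths and allowlist are constructed for illustration.

```python
import re

# Constructed sample: text of a regedit .reg export, already decoded to str
# (regedit writes UTF-16). CLSIDs, names and DLL paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
@="Known PDF helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Example PDF\\helper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\WINDOWS\\TEMP\\cardreader.dll"
'''
ALLOWLIST = {"{11111111-1111-1111-1111-111111111111}"}  # hypothetical approved BHOs
GUID = r"(\{[0-9A-Fa-f-]{36}\})"
BHO_RE = re.compile(r"\\Browser Helper Objects\\" + GUID + "$", re.I)
DLL_RE = re.compile(r"\\CLSID\\" + GUID + r"\\InprocServer32$", re.I)

def parse_reg(text):
    """Map each [key] in the export to its default (@) string value, or None."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, None)
        elif current and line.startswith('@="') and line.endswith('"'):
            # .reg string values escape backslash and quote with a backslash
            keys[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return keys

def audit_bhos(text, allowlist):
    """Return one record per registered BHO, resolved to the DLL IE would load."""
    keys = parse_reg(text)
    dlls = {m.group(1).upper(): v for k, v in keys.items() if (m := DLL_RE.search(k))}
    report = []
    for key, name in keys.items():
        if (m := BHO_RE.search(key)):
            clsid = m.group(1).upper()  # allowlist entries must be upper case
            report.append({"clsid": clsid, "name": name,
                           "dll": dlls.get(clsid), "approved": clsid in allowlist})
    return report

if __name__ == "__main__":
    for row in audit_bhos(SAMPLE_REG, ALLOWLIST):
        print("ok     " if row["approved"] else "REVIEW ", row["clsid"], row["dll"])
```

On 64-bit Windows the same check applies to the 32-bit view under SOFTWARE\Wow6432Node, which these patterns also match when that branch is included in the export.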