It’s depressing, sometimes, writing about internet security. All right, it may not be as despair-ridden a job as showbiz reporter on The Tehran Times, but it comes pretty close. You see, on top of my general lack of faith in humanity to be smart, do the right thing, get along with each other, etc, I’m exposed on a daily basis to the cunning, deceit and malicious machinations of the criminal fraternity. To quote the late, great DI Jack Regan, it stinks. Occasionally, I need to watch an Antiques Roadshow omnibus just to calm myself down.
The age-old problem with IT security has always been that so much of what the vendors and white hats do is reactive. Well, the problem has got a lot worse now, for while we were all sitting there patting ourselves on the back about a job well done on Web 2.0, the crims were working out ways to exploit browser weaknesses, the ubiquity of Java and Flash, and Web 2.0 APIs. Oh god, where’s the Prozac?
It’s been known for a while that botnets are at the heart of many IT-related security problems. These are the malware-infected PCs that are perpetuating spam, sending out Trojans and information-gathering keyloggers, and launching denial of service (DoS) attacks. Well, according to DoS specialist Prolexic, bot herders have found a new way of controlling PCs without the need for infection with malware. They’re doing this by taking control of internet servers, and tricking the clients connecting to them into attacking other hosts in the background. And traditional anti-malware technology is not equipped to detect and prevent this, apparently.
Prolexic chief technology officer Paul Sop also told me that earlier this year peer-to-peer hub servers were hacked and the tens of thousands of clients connected to each hub were given orders to connect to the victim’s web server. No malware, no degradation of your PC connection, no suspicion. One DoS attack; done.
Sensing I was rattled, Sop continued to bombard me with yet more depressing research that shows a big increase in browser-based malware – where web servers have been attacked and malware written in JavaScript or Flash embedded in content. It could be because of Vista’s improved security, or maybe it’s a better and easier way of spreading malware, but JavaScript is becoming the malware platform of choice. And there’s very little that the user can do about it, short of disabling JavaScript in the browser, which I doubt much of the population would do. The latest antivirus or anti-malware tools will not help either; this stuff is almost invisible, and, apparently, it’s only the beginning.
In the face of this onslaught there’s not much comfort for firms. They can do little except keep their web servers as secure as possible and cross everything in the hope that the good guys find some kind of solution to mitigate these potentially huge risks.





