Loading ...
Sorry, an error occurred while loading the content.

FWD:Web browsers are new frontline in internet war

Expand Messages
  • Sinu John
    05 May 2007 From New Scientist Print Edition. Jeff Hecht YOU are surfing the net, and stop at a sports site you regularly visit to read the latest headlines.
    Message 1 of 3364 , May 3 12:08 PM
    • 0 Attachment
      05 May 2007
      From New Scientist Print Edition.

      Jeff Hecht

      YOU are surfing the net, and stop at a sports site you regularly
      visit to read the latest headlines. You are always careful to avoid
      sites that appear suspect, so you feel safe online. Unbeknownst to
      you, though, and to the innocent owner of the website, a piece of
      malicious code has been added to the page you are viewing. This
      uploads software onto your computer via your browser, turning it into
      a "zombie" PC under the remote control of a malicious user.
      While installing firewalls and antivirus software on your computer
      may keep it safe from conventional threats such as worms and viruses,
      these security tools do not inspect data downloaded through browsers -
      a loophole that attackers can exploit. "The firewall is dead," says
      Google security specialist Niels Provos.
      As a result of this loophole, PCs are increasingly becoming infected
      with "bot" software, creating networks of zombie computers, or
      botnets. Bots are "the Swiss army knives of the underground economy",
      because they are so versatile, says Nick Ianelli, an internet
      security analyst at Carnegie-Mellon University in Pittsburgh,
      Pennsylvania. Bots first establish a link to a remote "botmaster"
      before probing your computer for email addresses and personal data,
      and even logging your keystrokes. Most zombies are used to churn out
      huge amounts of spam email, while some target business websites with
      so-called "denial of service" attacks.
      "Their versatility makes bots the Swiss army knives of the
      underground economy"Botnets are not new, but the methods they use to
      infect computers are changing. Until recently, a bot program tended
      to arrive as an attachment with spam email, or carried by a computer
      worm. As users have grown wary of email attachments and installed
      firewalls and anti-virus software, however, the bad guys have shifted
      their attentions to websites in a bid to find more victims. "We still
      see a tremendous amount of bot propagation via email, but the web has
      overtaken it in the past year," says Pat Peterson of security firm
      Ironport in San Bruno, California.
      The sleazy side of the web has long been a place where people have
      been easily duped into downloading malicious programs for themselves.
      Lured to a site by spam and then promised pirated software or
      pornography, for example, visitors click on a link only to download a
      bot.
      Now, though, even an ordinary website can be risky. At a meeting on
      botnets held last month in Cambridge, Massachusetts, Provos warned
      that many web users are becoming the victims of "drive-by" downloads
      of bots from innocent websites corrupted to exploit browser
      vulnerabilities. As firewalls allow free passage to code or programs
      downloaded through the browser, the bot is able to install itself on
      the PC. Anti-virus software kicks in at this point, but some bots
      avoid detection by immediately disabling it. Once a computer has
      become infected with the malicious software, the zombie periodically
      connects to a web server controlled by the botmaster to receive
      instructions and download more software.
      To determine the scale of the problem, Provos's group at Google
      analysed several billion web pages and selected 4.5 million
      suspicious pages for more detailed study. To test for malicious
      software, or malware, they loaded a program designed to simulate a
      computer with a vulnerable version of Internet Explorer and monitored
      what happened. They found around 450,000 web pages that launched
      drive-by downloads of malicious programs. Another 700,000 pages
      launched downloads of suspicious software. More than two-thirds of
      the malicious programs identified were those that infected computers
      with bot software or programs that collected data on banking
      transactions and emailed it to a temporary email account.
      Ordinary users would not know that their computer had been hit by a
      drive-by download unless their browser started crashing or they
      suddenly started being hit with pop-up advertisements, Provos says.
      Nor would website owners spot that their pages had been corrupted, as
      such malware is typically hidden, for example, by adding code to the
      JavaScript program used to create the site. The malware can also be
      designed to hide from anyone trying to find it; Provos encountered
      websites that checked the IP address of all visitors and only
      installed malware on a user's first visit.
      Botnets themselves are also evolving. Most existing bots are
      vulnerable because they receive their instructions via an internet
      relay chat (IRC) server, a simple communication system. This gives
      security professionals a hope of disabling them by trapping one
      zombie using a "honeypot" designed to mimic a vulnerable computer.
      They can then identify the IRC address of the computer's botmaster
      when it tries to communicate, says Julian Grizzard, a computer
      scientist at Johns Hopkins University in Laurel, Maryland. Traffic to
      the botmaster could then be blocked, effectively cutting off the
      botnet's head.
      Now, however, malicious users are beginning to explore peer-to-peer
      botnets, modelled on file-sharing networks such as Gnutella, as they
      are harder to disable. The first P2P bots appeared in 2004, and they
      are now beginning to increase in sophistication, says Grizzard.
      Botmasters distribute new bots programmed to establish contact with
      one of a group of operating zombies. Once contact is made, the P2P
      network relays information to the botmaster, who can link to the
      network through any zombie.
      In this way, even if security professionals trap a bot, they would
      have no way of identifying the botmaster. However, Grizzard is not
      without hope that even these advanced botnets could ultimately be
      stopped. "The major disadvantage of P2P is that it is typically very
      chatty," he says. This increased traffic could be detected from
      outside the host machine and give away the existence of the botnet,
      he says.
      Until botnets can be stopped, though, users should try to lessen
      their computer's chances of becoming infected as they surf the web by
      keeping browsers updated with the latest software patches, says Cliff
      Zou of the University of Central Florida in Orlando. This helps
      browsers avoid vulnerabilities that can be exploited by malware.
      Surfers should also take special care not to be duped by tricks such
      as links embedded in spam emails or offers of free software, and pay
      attention to warnings displayed alongside search engine links.
      Ultimately what is needed is a new type of firewall that inspects the
      content of programs downloaded through the browser, says Zou. This
      should stop any nasties lurking in websites gaining a free pass to
      infect your computer.

      From issue 2602 of New Scientist magazine, 05 May 2007, page 28-29
      Beat zombies at their own game
      Botnets exploit the fact that many computers working together are far
      better than a single machine at launching denial of service attacks
      and sending spam. Now the good guys are fighting back with a system
      that uses multiple online computers to fight rather than spread
      malicious software.

      Dubbed "herd computing", the application behaves like a benevolent
      botnet. Like its malicious counterpart, herd PCs contain a program
      that reports back to a central computer. But unlike the zombie PCs in
      a botnet, whose reports are met by a command to launch spam or spread
      a virus, members of the herd send back details on the health of their
      computers, alongside a list of all the software they are running.

      This can be used to monitor the effect of downloaded software on the
      performance of the computer. This information can then be presented
      to any computer in the herd that attempts to download the same code,
      warning them in advance.

      "It is a way of understanding computing as an act that is not done in
      isolation," says Jonathan Zittrain, a researcher at Harvard Law
      School's Berkman Center for Internet and Society and the Oxford
      Internet Institute, part of the University of Oxford. "That is the
      way botnets gained their power and it would be crazy for us not to
      harness that power," he says.

      The main use for herd computing will be in combating spyware. This
      software causes unwanted pop-up advertisements, hogs processing
      cycles and memory, and spies on a web-user's actions. It often
      arrives bundled with something useful such as a screensaver or chat
      application, which makes it difficult for existing anti-virus
      software to remove it. "Viruses are mean, evil programs, but spyware
      is a little weird," says Nathan Good, a spyware researcher at the
      University of California at Berkeley. "In some cases it's consensual."

      Herd computing could deal with this grey area by flagging the likely
      consequences of a piece of software before it is downloaded, and then
      leaving it up to the user to decide whether to install it.

      All members of the herd would send in regular updates of their vital
      signs, including the number of pop-ups they experience, the speed of
      their processor and the number of crashes and restarts, alongside
      details of the software they are running. The central computer would
      collate this information to determine the effect of different pieces
      of software on computers.

      Then, when one of the computers in the herd tried to download
      software, a message would appear informing the user of what happened
      to other PCs that downloaded the same program. With this information,
      users can decide whether or not to download it. "It's a way of
      allowing people to make better choices," says Good. Zittrain likens
      the concept to "giving the internet a nervous system".

      Celeste Biever

      Source: http://www.newscientisttech.com/channel/tech/mg19426026.000?
      DCMP=NLC-nletter&nsref=mg19426026.000

      Sinu John
      ID:076
    • SOCM-FORUM@yahoogroups.com
      Dear honorable members Greetings in HIS name To keep the forum debate s authenticity, we the moderators of this forum, have decided to implement a new
      Message 3364 of 3364 , May 1 5:25 AM
      • 0 Attachment
        Dear honorable members

        Greetings in HIS name

        To keep the forum debate's authenticity, we the moderators of this forum, have decided to implement a new guideline.

        As per the new guideline from 26th of October 2004, we will not publish any messages without proper signature. Your signature should contain full name, family name, home parish, present parish attending along with proper references like that of the parish priest's; name, e mail address and telephone number, where we can verify the genuineness of the e mails.

        After the verification of your identity, we will provide a member ID Number which can be used as your signature for future postings and by member ID numbers we can verify your mails. However, If you want your name to be withheld from the messages published, we will comply to your request and then only the ID number will be published.

        These personal contact details will be stored in our database and will not be published in the forum.

        However, if you are hesitant to reveal the name and identity, you can still be a member of the forum and get the daily digests in your e-mail id supplied, if you wish so.

        This new guideline is applicable to all members, regardless of their Christian denomination.

        We hope our members will appreciate it and cooperate with us.

        Be with us and be part of us.

        In Our Lords Love
        For & on behalf of
        SOCM-FORUM Moderators

        Chev. Thomas Daniel (Reji)
        St.George Jacobite Syrian Orthodox Church
        Cheppaud, Alleppy Dist, Kerala, India.
        http://www.stgeorgecheppaud.org
        http://www.socmnet.org
      Your message has been successfully submitted and would be delivered to recipients shortly.