Hackers reach beyond Windows

Sam · Post by **Sam** » March 21, 2005 4:58 pm

Okies I know thisway off topic but everyone that DOSEN'T KNOW about this...NEEDS to!!!

Pretty much everyone should realize that computers are insecure....do the best you can to protect yourself and your computer and others...because once access is made to yours they can use your puter for a zombie or appear to be you.

Anyway a further heads up...that their is more than just giving a worm or a trojan or a virus...

I hope it helps at least one person...if not many others....
*************************************************************

http://news.zdnet.com/2100-1009_22-5628 ... ag=nl.e589

Hackers reach beyond Windows, IEBy Robert Vamosi, CNET.com
Published on ZDNet News: March 21, 2005, 9:31 AM PT

Forward in EMAIL Format for PRINT Security threats Web browsers Security Data security Hacking Symantec Corp Microsoft Corp
Commentary--Like cockroaches that you stop at a hole in the wall only to have them reappear under the door, criminal hackers are finding new and better ways to compromise your computer and electronic devices. So concludes a new Internet Security Threat report out today, based on data collected at Symantec's Security Response facilities worldwide. The report is one company's snapshot of malicious Internet activity during the last six months of 2004.

I asked David Cole, director of product management for Symantec Security Response, to use the information uncovered in the report (more than 70 pages long) to talk about what he's already seeing in 2005. In our conversation, he covered trends such as the discovery and exploitation of flaws in non-Internet Explorer browsers and non-Windows operating systems and the recent reach by criminal hackers (crackers) into nondesktop computer systems such as handhelds and smart phone devices.

Overall, the news is mixed
The good news, says Cole, is that today, companies are much better at defending our network perimeters than they were a few years ago. Traditional Internet attacks are down. Unfortunately, attackers are opportunistic and are now going after end users--employees who log in from home or while on the road. Since companies are doing a good job protecting their e-mail systems--either at the gateway with corporate defenses or on desktops with antivirus apps--virus writers are frequently frustrated and have begun targeting instant-messaging apps, Internet Relay Chat (IRC), and peer-to-peer networks (P2P) in addition to e-mail. Symantec reported threats related to P2P, IM, IRC, and CIFS make up 50 percent of its top 50 threat submissions, up from 32 percent covering the same period one year earlier.

Browsers beware
But viruses and worms aren't the only Internet threats. Phishing scams, spyware, and now pharming attacks are becoming more common. By now, most of us know that Microsoft Internet Explorer harbors many security vulnerabilities. So as people move away from IE (now below 90 percent usage), attackers are turning their attention to Mozilla and other Internet browsers, according to Symantec.

An example might be what crackers have done with the vulnerability found in Internationalized Domain Names (IDN) that affects most non-IE browsers. IDN renders specialized character sets such as non-English domain names in a standardized way using Unicode characters, a standard that attempts to assign a unique computer number for every computer character, no matter the platform or the language set used. The IDN standard allows foreign companies to register domain names in different languages; however, criminal hackers have discovered that they can use this loophole to fool end users onto their phishing sites by substituting specific letters from alternative character sets.

Oddly, IE does not support IDN (although rumors suggest the upcoming Windows XP-only IE 7 will support IDN). Mozilla and Firefox have since patched their IDN flaw.

But if you thought that IE would be a safer browser as a result of recent attention to non-IE browsers, you'd be wrong. Cole said that while there were a greater number of vulnerabilities reported in Mozilla during the last half of 2004, Symantec found that the most severe vulnerabilities still reside within Internet Explorer. Of the 13 Internet Explorer vulnerabilities rated by Symantec from June to December 2004, 9 were considered high.

Other OSs under attack
The Symantec report also predicts that crackers will become more interested in Macs during 2005, specifically mentioning sales of low-priced mini Macs. As more casual, less tech-savvy users adopt Macs, expect to hear more about vulnerabilities exposed within the Mac OS, which is based on the Unix system. Other security companies are seeing an uptick in Mac flaws. For example, security company Secunia also saw an increase in reported Mac OS flaws during 2004.

Other electronic devices under attack
As more people leave their desktops and start accessing the Internet via mobile devices, so too do the crackers. Last summer, someone released the Cabir worm, designed to infect Symbian OS-equipped Nokia series 60 smart phones. These phones are popular in Europe, but have only recently started selling here in the United States. Since the first of this year, however, the Cabir worm has been reported in nearly two dozen countries, including the United States. Cole says these attacks will continue to grow as Bluetooth and smart phone adoption sets in. In fact, crackers recently launched CommWarrior, a smart phone-enabled virus that is able to infect either Bluetooth systems or those using Multimedia Messaging Service. Expect hybrid or multiplatform worms to remain the norm with mobile technology devices.

All is not lost
What's fueling the spread of Internet threats to other platforms? Money. As I wrote during the Sobig virus attacks in 2003, spammers and perhaps organized crime are now paying virus writers to push the limits and infect as many systems as they can. But that's good. We've moved from a strictly ego-fueled virus culture to one where the tools of law enforcement work best. Instead of finding a random, rogue programmer, law enforcement officials are following the money, and they're making some major busts against cybercrime.

As you adopt new technology, stop and think about the possible security pros and cons. Just because someone hasn't written a devastating worm to hit the Mac OS platform doesn't mean it won't happen. Same with your Nokia smart phone. Proceed with caution. If we've been successful in frustrating crackers by having antivirus and firewall solutions on our desktops, I think there's a chance we'll also prevail in these other areas as well.

Ilph · Post by **Ilph** » March 21, 2005 5:43 pm

Is there a reader's digest version of this article? I'm lazy.

conched · Post by **conched** » March 21, 2005 7:55 pm

quoting:
Browsers beware
But viruses and worms aren't the only Internet threats. Phishing scams, spyware, and now pharming attacks are becoming more common. By now, most of us know that Microsoft Internet Explorer harbors many security vulnerabilities. So as people move away from IE (now below 90 percent usage), attackers are turning their attention to Mozilla and other Internet browsers, according to Symantec.

How ironic that they use the terms phishing scams and pharming attacks. A parrothead must have written the article.?? !!

Key Lime Lee · Post by **Key Lime Lee** » March 21, 2005 8:03 pm

The word "phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined in the 1996 timeframe by hackers who were stealing America On-Line accounts by scamming passwords from unsuspecting AOL users. The first mention on the Internet of phishing is on the alt.2600 hacker newsgroup in January 1996, however the term may have been used even earlier in the printed edition of the hacker newsletter "2600".

"Ph" is a common hacker replacement for "f", and is a nod to the original form of hacking, known as "phreaking". Phreaking was coined by the first hacker, John Draper (aka. "Captain Crunch"). John invented "hacking" by creating the infamous Blue Box, a device that he used to hack telephone systems in the early 1970s.

This first form of hacking was known as "Phone Phreaking". The blue box emitted tones that allowed a user to control the phone switches, thereby making long distance calls for free, or billing calls to someone else's phone number, etc. This is in fact the origin of a lot of the "ph" spelling in many hacker pseudonyms and hacker organizations.

By 1996, hacked accounts were called "phish", and by 1997 phish were actually being traded between hackers as a form of currency. People would routinely trade 10 working AOL phish for a piece of hacking software that they needed.

http://64.233.161.104/search?q=cache:Rb ... igin&hl=en

conched · Post by **conched** » March 21, 2005 9:26 pm

Now, that is interesting stuph! I now phind myself with that strange feeling that I have to use "ph."