Beware of attack tool kits from malicious websites: Symantec
By Fakir Balaji, IANSMonday, January 24, 2011
BANGALORE - The latest threat to internet users from hackers is tool kits from malicious websites that attack computers with software programmes, says global security solutions provider Symantec Corporation. Its global intelligence network has detected 240,000 attack tool kits across 200 countries.
“Attack tool kits are software programmes that infect networked computers when unsuspecting users surf malicious websites created by cyber criminals,” Symantec India vice-president Shantanu Ghosh told IANS here, citing a Symantec study.
The ease with which tool kits are accessible has drawn even traditional criminals without expertise into cybercrime, fuelling a self-sustaining, profitable and organised global economy, the study by the US-based company’s security technology and response unit pointed out.
“A techie who develops the kit customises the publicly available exploit code and incorporates it into the kit for setting up a malicious website, which attacks computers when viewed,” Ghosh explained.
The Symantec global intelligence network, which identifies cyber threats, takes action and prevents impact, detected 240,000 attack tool kits across 200 countries worldwide in a recent survey.
“As cyber attacks have become more profitable, tool kits have become popular with newer versions. These kits are sold on a subscription-based model with updates and support services,” Ghosh noted.
For instance, the most prevalent kit codenamed Zeus poses a serious threat to users as it steals bank account details in the absence of safeguards.
US cyber sleuths arrested a dozen cyber criminals in September 2010 for stealing about $70 million from online banking and trading accounts using a Zeus botnet.
“The speed at which new vulnerabilities and their exploits spread across the world has increased due to smart developers integrating the attack kits with products,” Ghosh observed.
Tool kits account for about 60 percent of all threat activity on malicious websites and the attacks are set to go up as kits become robust and easier to use.
A single attack kit installed on a popular website can exploit a large number of users in a short time and proliferate rapidly to facilitate more page views, the study found.
“If hackers had to create threats from scratch in the past, attack tool kits have made it easy for even a malicious novice to launch a cyber attack,” Ghosh said.
The study revealed that a whopping 310,000 unique domains (websites) were malicious, resulting in about 4.4 million malicious pages per month.
The other prevalent attack kits are MPack, Neosploit, Nukesploit P4ck and Phoenix. They attack the computers when unsuspecting viewers visit adult entertainment websites, which accounted for 44 percent of the search terms.
Accounting for 65 percent of advertised toolkits, Zeus was used to harvest 60 gigabytes (GB) of data from 55,000 compromised computers in August 2010.
Cyber criminals used the Zeus kit to steal $1 million from British accounts and $3 million from US bank accounts, the report highlighted.
“The remedy is to ensure all software is up-to-date with vendor patches. Asset and patch management solutions help to ensure systems are compliant by using anti-virus and intrusion prevention systems,” the study suggested.
Admitting that cyber crime had emerged as a big business worldwide, Ghosh averred that the exponential growth of malicious codes clearly indicate that attackers were sophisticated and organised to optimise resources.
The unknown software developer profits by selling the tool kits and their users make money by stealing vital information online.
“Attack kits allow hackers to enter the market with sophisticated tools and easy to use icon-driven GUIs that include checkboxes and pull down menus,” Ghosh added.
(Fakir Balaji can be contacted at fakir.b@ians.in)