January 1, 2009

Internet Security Review - 2008

2008 was an interesting year in the security field. Many things changed, from the way computers were being infected to the goals of the attacks.
  • New goals – Traditionally, malware had any of several goals. Hackers may try to commit identity theft, or to use a compromised computer as part of a botnet to send spam, or to steal usernames and passwords to online bank accounts. In 2008, however, it is estimated that between 50 and 75 percent of attacks were aimed at stealing online gaming accounts, mostly for World of Warcraft. Blizzard Entertainment (maker of WoW) has responded with numerous security advisories and enhancements, including the release of a hardware authenticator that can be used to lock down accounts. Blizzard has reported that 2008 saw the highest subscription rate as World of Warcraft became one of the most played games in history, and 2008 also saw the highest rate of account compromise.
  • New types of malware – In addition to the more familiar malware, such as adware, spyware, keyloggers and Trojans, two new classes of threats became common during 2008: extortionware and scareware. Extortionware is a class of virus that encrypts all files of a specific type on the infected system using strong encryption, and then gives the victim instructions on where to pay to obtain the decryption key. Scareware infects the system with a fake antivirus product that warns the user of multiple infections, in an effort to coerce the user into purchasing the "antivirus" product, which is itself a fake application that installs keyloggers and other malware.
  • New methods of infection – Missing in 2008 were stories about widespread, network-traversing e-mail viruses. Instead, most of the infections in 2008 resulted from hacked web sites. Even as search engines tried to combat the problem by warning users of potentially malicious links in their own results, the search engines themselves were used as a tool to spread infections, as forwarders on well-known and trusted sites were abused to put malicious links at the top of the search engine results.
  • New ways to hide hacks – Hackers who attacked web sites employed new methods in 2008 to hide their attacks from site owners, abusing .htaccess rules on attacked sites so that the attack code was only served to users following links from the major search engines. This method leaves the attack code virtually invisible to the search engine spiders that attempt to warn users about malware, and to the owners of the web site, who would rarely use a search engine to visit their own site and would thus never be exposed to the attack code.
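A site owner can audit their own .htaccess for exactly this pattern. The following is an added example, not code from the original post: it scans an .htaccess file for RewriteRules that are gated by a search-engine Referer condition and reports where they send visitors. The list of search-engine name hints and the sample .htaccess are my own assumptions.

```python
import re
from typing import Dict, List

# Referer substrings a cloaking rule would key on (assumption: the post only says
# "major search engines"; extend this list for your own environment).
SEARCH_ENGINE_HINTS = ("google", "yahoo", "msn", "live", "aol", "ask")

COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)


def find_referer_cloaking(htaccess: str) -> List[Dict[str, object]]:
    """Return every RewriteRule whose preceding RewriteCond chain tests the
    Referer against a search engine. Apache attaches the RewriteCond lines
    immediately preceding a RewriteRule to that rule, so conditions are
    collected until the next RewriteRule and then examined."""
    findings: List[Dict[str, object]] = []
    pending: List[str] = []  # RewriteCond patterns not yet attached to a rule
    for line_no, line in enumerate(htaccess.splitlines(), 1):
        cond = COND_RE.match(line)
        if cond:
            pending.append(cond.group(1))
            continue
        rule = RULE_RE.match(line)
        if rule:
            gated = [p for p in pending if any(h in p.lower() for h in SEARCH_ENGINE_HINTS)]
            target = rule.group(2)
            if gated:
                findings.append({
                    "line": line_no,
                    "conditions": gated,
                    "target": target,
                    # an absolute URL means visitors are sent off-site entirely
                    "external_redirect": target.lower().startswith(("http://", "https://")),
                })
            pending = []  # conditions only apply to the first following rule
    return findings


# Constructed sample: a benign legacy rewrite plus one search-engine-gated redirect.
SAMPLE_HTACCESS = """\
# constructed test input, not taken from any real site
RewriteEngine On
RewriteCond %{HTTP_REFERER} google\\. [NC,OR]
RewriteCond %{HTTP_REFERER} yahoo\\. [NC]
RewriteRule ^(.*)$ http://redirect.example/ [R=302,L]
RewriteRule ^old/(.*)$ /new/$1 [L]
"""

if __name__ == "__main__":
    for f in find_referer_cloaking(SAMPLE_HTACCESS):
        print(f"line {f['line']}: Referer-gated rule -> {f['target']} "
              f"(external={f['external_redirect']}, conditions={f['conditions']})")
```

Run it against each .htaccess on a site you administer; a Referer-gated rule you did not write is a strong sign of the cloaking described above.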
As the threats have intensified, new defensive measures began to gain popularity to combat the wide range of emerging threats.
  • Hardware authentication – To combat the high rate of account compromise, Blizzard became the first company to implement on a large scale a hardware authentication mechanism. Although similar technology has been proposed on smaller scales by banks for their customers, or implemented on a small scale by companies to secure internal information, 2008 saw the first major push by a large corporation to introduce and implement this technology.
  • Web site prescreening – Many of the larger anti-virus providers began incorporating technology to scan web pages before they were loaded by the visitor. For some systems, this meant that the antivirus company would check the page before it was requested by the user. For others, it means that the page would be loaded into a “secure” area of the computer’s memory to be scanned before being rendered by the browser. This helped alleviate some of the threat of hacked web sites. However, the technology still has not become prevalent.
Against these intensified threats, a robust, multi-tiered approach to security remains essential. Anti-virus software alone is no longer enough to protect a network. Numerous components working together are required to ensure the security of any system or network.
  • An external hardware firewall or router – The external firewall/router is the first line of defense for any network, hiding the network from drive-by attacks by blocking unsolicited incoming network traffic.
  • Internal software firewalls – All systems on the network should be protected by robust software firewalls that can monitor traffic between connected systems, looking for suspicious traffic. Free software firewalls include ZoneAlarm and Comodo Pro. The firewall included with Windows is not sufficient for this.
  • Strong Anti-virus – A strong antivirus application is required on every computer on the network. This software must be kept up to date, checking for updates at least once a day. One of the top-rated anti-virus applications currently is Kaspersky. There are some highly rated free AV applications, such as Avast!; however, these applications generally do not have all the features of a commercial product.
  • Anti-Spyware – A commercial or freeware anti-spyware application should be run regularly to look for malware that might have been missed by the antivirus software. This can happen with new viruses, as malware may take days or weeks to be identified and added to the scan lists of different antivirus products.
  • Regular updates – As patches are released for security software, browsers, operating systems, and other applications, it is essential that they be applied immediately. Almost any vulnerable application can be used to attack your system, so patches must be applied as soon as they become available.
It is no longer enough to simply rely on your wits, avoiding potentially dangerous places on the web to stay safe. Any trusted web site can be compromised and become a threat to the safety of your computer and network. Only by keeping up to date with your patches and employing proper security measures can you protect yourself.
It's not paranoia. They are out to get you.
