Monday, September 28, 2009

Security Firms Having Trouble Detecting World’s Biggest Spam Campaign

Americans who fear the tax authorities are facing a serious problem. Criminal gangs are reportedly targeting this group in particular and convincing them to download malicious software. The spam campaign is now entering its third week, and things only seem to be getting worse. According to some researchers, this could be the most prominent spam-delivered virus in the world right now.
The spam was first spotted on September 9. It was picked up by the security firm’s anti-spam vendor, Cloudmark. Security researchers have said that Cloudmark has recently counted 11 million messages sent to the security firm’s nearly 2 million desktop users. The message carries the subject line “Notice of Underreported Income” and encourages victims to install the Trojan virus or click on a website link in order to view their “tax statement.” The link only takes victims to a malicious site.
The biggest issue with this spam is the malware it delivers. Malware is software designed to infiltrate or damage a computer system without the owner’s consent. The malware involved with this spam is known as the Zeus Trojan, and this type of malware is extremely hard to detect. The software is built to break into victims’ accounts and take out as much of their money as possible, if not all of it. There are estimates that criminals could be taking out as much as a million a day from victims. Recently, small businesses have been taking the biggest losses because banks are choosing not to back them up in this situation. Banks are choosing to place the blame on the small businesses for not being responsible.
There are techniques for blocking malware, but the biggest issue is that there isn’t a way to stop people from going to sites and downloading. Another issue is that out of the 41 anti-virus systems that the security firm has, only five have been able to detect the Zeus Trojan.
According to Paul Ferguson, a researcher with Trend Micro, “It’s difficult to stay ahead of it because the Zeus binaries are changing a few times a day.” “It’s definitely a problem.”
The biggest problem in this event seems to be that people aren’t informed well enough to know not to pay attention to such spam. People generally seem to panic when they read things that have to do with their money. Spam that deals with losing money tends to work the best and have the most success. If a spam message says “Tomorrow your money will be gone if you don’t do A, B, or C,” people will most likely do it out of panic. The only way this spam can be contained is if people just delete it and security firms get enough time to improve their detection of it. Firms still need the help of the people more than anything to slow the breaches down.


Sources:
http://news.techworld.com/security/3202748/security-firms-battle-worlds-big...

3 comments:

  1. Things like this are real problems. Sure, the IRS would never email you with something like this, but many people don't know this. It is true when it comes to money, people panic, and that is why it is so easy for people with malicious intent to get people to click on links by acting like banks or the IRS. The only way to prevent this is through raising awareness, but there are so many people to educate and the schemes are always getting more and more complex so it is difficult to keep up with them.

    The fact that the virus is hard to detect makes it even worse because it can be a long time before you realize your computer is infected and that you need to do something about it. I guess the only way to combat that is to have the most up to date anti virus programs as possible. Even in this case, it seems like the bad guys evolve faster than anti virus programs can be updated.

  2. If we know that hackers are getting access to things they should not be, why can't we combat against them and make a software that informs us when anything and everything suspicious is detected on your computer? There should be an automatic button to cancel any virus that starts to invade each computer. I know I have several viruses detected, but in order to rid them from my PC, I would have to purchase additional software and the software is extremely expensive. It would be nice to make a software package that is more economical, that way more of the population can have access to it.

    People with computers, which is nearly everyone, need to become more aware of online traps and to take them seriously. One way to make people notice the danger of each site is by notifying them through email as soon as the spam is detected. The less proactive we are about spreading the word, the more and more people will struggle. We have to be smarter when clicking links and going to random web pages. Rather than ignoring the obvious warnings of insecure sites we should stay away from anything and everything questionable.

  3. While these attacks are quite unfortunate, it does seem to bring up the importance of personal responsibility. Small businesses are particularly pressed for time and it would seem understandable that they would prefer not to spend valuable time dealing with tax issues. While this is clever planning on the part of the attackers, small business owners specifically need to be aware that their financial information is particularly valuable, as even a relatively small breach can decimate their business. Microsoft can take a million-dollar heist and still stay afloat; many others cannot. It is the burden of the owners to ensure that those responsible for the finances of the company (many times themselves) are only disclosing private information to trusted, legitimate authorities.
