Phishing, malware laden USB sticks stoke holiday attacks

IBM's ISS division said consumers and businesses face increased security risk as cybercriminals take advantage of the holiday season with phishing and malware laden USB sticks.

IBM's Internet Security Systems (ISS) division is warning people and businesses to be especially careful this holiday season as cybercriminals could leave malware laden gifts as stocking stuffers.

SearchSecurity.com:

To get security news and tips delivered to your inbox,  click here to sign up for our free newsletter.

Earlier this year, hackers have been discovered tainting USB sticks and other gadgets that connect to the computer via USB drive with malicious software that infects the machine and attempts to steal sensitive data, such as account passwords, credit card information and personally identifiable information.

Attackers are going back to the floppy days of how worms were spread.
Gunter Ollmann, Chief Security Strategist IBM ISS

The problem has become serious enough to cause the U.S. Strategic Command to suspend the use of USB sticks, CDs, flash media cards, and other removable storage devices on military networks, said Gunter Ollmann, chief security strategist, IBM ISS.

"Attackers are going back to the floppy days of how worms were spread," Ollmann said.

Even USB sticks that purportedly come from legitimate sources could be tainted. In April, USB 2.0 floppy drive keys shipping with Hewlett-Packard Co. ProLiant servers were infected with malware. In 2006, a small number of Apple iPods were infected with malware. At the time experts pointed to pre-installed malware as a growing trend.

Related security news:

Malware found on HP ProLiant server USB keys: USB 2.0 floppy drive keys shipping with some Hewlett-Packard Co. ProLiant servers have been infected with malware. It's the latest sign that pre-installed malware is on the rise.
 

Cybersquatters, phishers sharpen tactics for holiday season: Consumers may have a greater chance of getting scammed this holiday season thanks to cybsersquatters and phishers offering free gift cards and brand name items.

Infected iPods a threat to corporate networks
: Rob Israel likes Apple Computer Inc.'s popular iPod as much as the next guy. But he's not about to let employees plug them into their work machines to download new tunes and videos.

Ollmann advised not to use USB sticks that come from an unknown source, keep your system patched and your PIN numbers secret. Users can also block their autoplay feature when connecting the USB device and terminate USB drivers. However, taking those steps can cause issues with printing and connecting to the network, he said.

Even with the demise of McColo, the ISP suspected of being the harbinger of malicious websites and spam bots, security pros say spam and phishing attacks will increase, as they traditionally do during the holiday season.

Spam and phishing attacks will also carry a holiday theme in the coming weeks, but IBM says users should be especially aware of messages that attempt to exploit the banking industry problems. Phishers are looking to take advantage of shaky consumer confidence, IBM said.

Phishing gangs will also return to an old method of launching new fake online shopping portals that spoof well-known brands in an effort to steal credit card information. The sites could be promoted using spam campaigns touting discounts, IBM said. The old method of exploiting cross-site scripting (XSS) flaws in websites can cause some legitimate websites to be redirected to a malicious page.

Many firms are turning to code scanning tools and penetration testing software to conduct application level scanning, but constant website changes could cause problems, Ollmann said.

"They're using third-party developers and often updating sites with new widgets and other code that could be vulnerable if they're not careful," Ollmann said.

Spam messages are getting a little more sophisticated, according to the IBM ISS X-Force security research team. The researchers are warning that new holiday messages coming from an unknown sender could contain a new form of "parasitic" malcode. The spam was discovered earlier this year and evades antivirus and personal firewalls to infect a victim's computer.

If the attack comes in the form of a spam message, end users will have to open an attachment for the attack to be successful. But Ollmann said some malware attempts to exploit vulnerabilities in email clients and browsers making it easier to dupe a victim.

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close