
Bots in the A/C, spyware in the 'fridge

By Bill Brenner, News Writer
31 Oct 2005 | SearchSecurity.com

Security Wire Daily News

Over time, the computers inside air conditioners, refrigerators, televisions and automobiles will increasingly connect to cyberspace. This phenomenon also will open them up to the same attacks now threatening PCs, servers and databases.

Are we as an industry prepared for such an assault? No. But Trend Micro executives said last week that, in time, we will be better equipped to take on such attacks.

"You're seeing computer networks built into everything," said David Michael Perry, global director of education for the Tokyo-based antivirus firm. "Look at cars. Door locks are increasingly controlled by computer networks. If you lock the keys in the car, OnStar can unlock it for you." Perry also noted how he can use the Internet to turn down the air conditioner in his house and how TiVo "is nothing but a networked computer."

These technological advances will also make it possible for online outlaws to steal cars via the Internet or hijack the computer in the refrigerator. In the big picture, Perry said, the steady integration of computerized devices will give the bad guys limitless opportunities to burglarize users. The shift from viruses and worms to spyware and bots shows they are already adjusting their tactics to exploit increasingly integrated systems.

"There were no viruses in our last Top 10 malware list," Perry said. "At last check rootkits were the top threat. Our Top 10 lists are now dominated by botnets."

Of these newer threats, enterprises are especially spooked by spyware, said Lane Bess, Trend Micro's North American president. That's one of the reasons Trend Micro bought Braintree, Mass.-based antispyware firm InterMute Inc. this year, he said.

As attackers perfect ways to target integrated networks and maximize their financial gain, Bess said enterprises and IT security professionals must also work to improve their defenses. At this point, he and Perry agree there's room for improvement.

Changing corporate culture
"When we sell to enterprises, we see a fiefdom issue where there are IT people over there, security people over here," Bess said. "Enterprises are demanding integrated security, but as part of that you have to get the different fiefdoms working together."

He does see some evidence of that happening. Once upon a time, he said, companies would have one group managing the desktops, another group to manage the firewalls. That's still the case in some organizations. But he sees a trend where more IT security teams are made up of people who can tackle any threat to any device. Perry is seeing it, too. "The best chief information security officers have security teams where everyone on the team knows everything," Perry said.

But even the smartest IT security staff is no match for user ignorance. "User education is paramount," Perry said. "They need to learn to look at the Internet as a city. You can move into the wrong neighborhood and it can ruin your life. You need to learn where to park or walk and where not to park or walk."

The enterprise culture of secrecy must also change, he said. Bots and schemes like phishing and pharming have led to a crime wave where the victims -- corporations -- don't want to report it to the authorities.

"Nobody wants to press charges because they don't want to admit they were attacked," Perry said. "The question now is: When does the crime become egregious enough that the need to stop it outweighs the need to cover up the embarrassment of being hit?"

Improve rules of law and software writing
Even when a company is willing to report being attacked, Perry said law enforcement's ability to respond isn't yet where it needs to be. Last summer's Zotob attack is the best example of that, he said.

"The Zotob aftermath showed we need a better extradition policy," Perry said. "Investigators found those who were responsible. But because the extradition procedures for something like this aren't there, they had to circle in the air above the countries where the suspects were until a solution was eventually reached."

Two men were eventually arrested for their role in the attack -- one from Turkey and the other from Morocco. Instead of being sent to the United States, the defendants are expected to be prosecuted in their home countries.

While cultural and legal challenges remain, Perry said there's also room for improvement in the software- and hardware-making process. "Hardware and software must be more secure in general," he said. "Security software must be better."

Perry sees a future in which the Internet itself is remade for security's sake. "There will be a new Internet with a new TCP/IP," Perry said. "All of it will have to be rewritten with security in mind."

New products reflect philosophy
For now, Bess said Trend Micro is doing its part to produce better security technology with the release of new products this week. The offerings include:

  • A "Worry-Free Security" initiative to help smaller businesses with little or no IT support. The first phase of the initiative includes the latest versions of Trend Micro's antivirus and antivirus/antispam tools with added personal firewall protection. Client Server Security for SMB 3.0 offers a new automated approach to threat monitoring, response and defence. Client Server Messaging Security for SMB 3.0 adds protection against spam, phishing, and malicious e-mail.
  • Trend Micro Anti-Spyware Enterprise Edition, the latest antispyware product to incorporate technology the company acquired with the purchase of InterMute. It's a standalone tool for desktops at mid-sized organizations and larger companies.

Bess said the Worry-Free Security initiative fills the need enterprises have for more integrated, automated tools while the latest antispyware product reflects the fact that companies still want standalone tools to incorporate into larger, home-grown defenses.
