
Phishing, malware laden USB sticks stoke holiday attacks

By Robert Westervelt, News Editor
20 Nov 2008 | SearchSecurity.com


IBM's Internet Security Systems (ISS) division is warning people and businesses to be especially careful this holiday season, as cybercriminals could leave malware-laden gifts as stocking stuffers.


Earlier this year, hackers were discovered tainting USB sticks and other gadgets that connect to a computer via USB with malicious software that infects the machine and attempts to steal sensitive data, such as account passwords, credit card information and personally identifiable information.


The problem has become serious enough to cause the U.S. Strategic Command to suspend the use of USB sticks, CDs, flash media cards, and other removable storage devices on military networks, said Gunter Ollmann, chief security strategist, IBM ISS.

"Attackers are going back to the floppy days of how worms were spread," Ollmann said.

Even USB sticks that purportedly come from legitimate sources could be tainted. In April, USB 2.0 floppy drive keys shipping with Hewlett-Packard Co. ProLiant servers were infected with malware. In 2006, a small number of Apple iPods were infected with malware. At the time, experts pointed to pre-installed malware as a growing trend.


Ollmann advised users not to use USB sticks that come from an unknown source, to keep their systems patched and to keep their PINs secret. Users can also block the autoplay feature when connecting a USB device and terminate USB drivers. However, taking those steps can cause issues with printing and connecting to the network, he said.

Even with the demise of McColo, the ISP suspected of being the harbinger of malicious websites and spam bots, security pros say spam and phishing attacks will increase, as they traditionally do during the holiday season.

Spam and phishing attacks will also carry a holiday theme in the coming weeks, but IBM says users should be especially aware of messages that attempt to exploit the banking industry problems. Phishers are looking to take advantage of shaky consumer confidence, IBM said.

Phishing gangs will also return to an old method of launching new fake online shopping portals that spoof well-known brands in an effort to steal credit card information. The sites could be promoted using spam campaigns touting discounts, IBM said. Another old method, exploiting cross-site scripting (XSS) flaws in websites, can cause visitors to some legitimate websites to be redirected to a malicious page.

Many firms are turning to code scanning tools and penetration testing software to conduct application level scanning, but constant website changes could cause problems, Ollmann said.


"They're using third-party developers and often updating sites with new widgets and other code that could be vulnerable if they're not careful," Ollmann said.

Spam messages are getting a little more sophisticated, according to the IBM ISS X-Force security research team. The researchers are warning that new holiday messages coming from an unknown sender could contain a new form of "parasitic" malcode. The spam was discovered earlier this year and evades antivirus and personal firewalls to infect a victim's computer.

If the attack comes in the form of a spam message, end users will have to open an attachment for the attack to be successful. But Ollmann said some malware attempts to exploit vulnerabilities in email clients and browsers, making it easier to dupe a victim.


