Phishing, malware laden USB sticks stoke holiday attacks

By Robert Westervelt, News Editor 20 Nov 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

IBM's Internet Security Systems (ISS) division is warning people and businesses to be especially careful this holiday season as cybercriminals could leave malware laden gifts as stocking stuffers.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Earlier this year, hackers have been discovered tainting USB sticks and other gadgets that connect to the computer via USB drive with malicious software that infects the machine and attempts to steal sensitive data, such as account passwords, credit card information and personally identifiable information.

Attackers are going back to the floppy days of how worms were spread. Gunter Ollmann, chief security strategist, IBM ISS

The problem has become serious enough to cause the U.S. Strategic Command to suspend the use of USB sticks, CDs, flash media cards, and other removable storage devices on military networks, said Gunter Ollmann, chief security strategist, IBM ISS.

"Attackers are going back to the floppy days of how worms were spread," Ollmann said.

Even USB sticks that purportedly come from legitimate sources could be tainted. In April, USB 2.0 floppy drive keys shipping with Hewlett-Packard Co. ProLiant servers were infected with malware. In 2006, a small number of Apple iPods were infected with malware. At the time experts pointed to pre-installed malware as a growing trend.

Related security news: Malware found on HP ProLiant server USB keys: USB 2.0 floppy drive keys shipping with some Hewlett-Packard Co. ProLiant servers have been infected with malware. It's the latest sign that pre-installed malware is on the rise. Cybersquatters, phishers sharpen tactics for holiday season: Consumers may have a greater chance of getting scammed this holiday season thanks to cybsersquatters and phishers offering free gift cards and brand name items. Infected iPods a threat to corporate networks: Rob Israel likes Apple Computer Inc.'s popular iPod as much as the next guy. But he's not about to let employees plug them into their work machines to download new tunes and videos.

Ollmann advised not to use USB sticks that come from an unknown source, keep your system patched and your PIN numbers secret. Users can also block their autoplay feature when connecting the USB device and terminate USB drivers. However, taking those steps can cause issues with printing and connecting to the network, he said.

Even with the demise of McColo, the ISP suspected of being the harbinger of malicious websites and spam bots, security pros say spam and phishing attacks will increase, as they traditionally do during the holiday season.

Spam and phishing attacks will also carry a holiday theme in the coming weeks, but IBM says users should be especially aware of messages that attempt to exploit the banking industry problems. Phishers are looking to take advantage of shaky consumer confidence, IBM said.

Phishing gangs will also return to an old method of launching new fake online shopping portals that spoof well-known brands in an effort to steal credit card information. The sites could be promoted using spam campaigns touting discounts, IBM said. The old method of exploiting cross-site scripting (XSS) flaws in websites can cause some legitimate websites to be redirected to a malicious page.

Many firms are turning to code scanning tools and penetration testing software to conduct application level scanning, but constant website changes could cause problems, Ollmann said.

SearchSecurity radio:

"They're using third-party developers and often updating sites with new widgets and other code that could be vulnerable if they're not careful," Ollmann said.

Spam messages are getting a little more sophisticated, according to the IBM ISS X-Force security research team. The researchers are warning that new holiday messages coming from an unknown sender could contain a new form of "parasitic" malcode. The spam was discovered earlier this year and evades antivirus and personal firewalls to infect a victim's computer.

If the attack comes in the form of a spam message, end users will have to open an attachment for the attack to be successful. But Ollmann said some malware attempts to exploit vulnerabilities in email clients and browsers making it easier to dupe a victim.

Tags: Malware, Viruses, Trojans and Spyware,  Security Industry Market Trends, Predictions and Forecasts,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated Security Industry Market Trends, Predictions and Forecasts M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Information Security magazine Security 7 Award winners Security Squad: Privacy gone awry Security Industry Market Trends, Predictions and Forecasts Research Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary