Monday, February 7, 2011

Cyber criminals turn more virulent - - 05 Feb 2010

Bangalore It is becoming far more easier for non-technical criminals to launch online attacks on consumers and businesses with attack tools and services now becoming widely available in the underground economy. This will result in a much larger pool of cyber criminals, going ahead, a new report from Internet security software firm Symantec warns. 
Attack toolkits – software programmes used to facilitate the launch of attacks on networked computers – are becoming relatively easier to use and no longer requires people with advanced programming skills to operate. The kits are now featuring easy to use icon-driven user interfaces, checkboxes and pull down menus. The user friendly features are evidence of increasing organisation and profitability of the underground economy, the report notes. The prices of attack toolkits are on the rise as well. In 2006, a popular toolkit called WebAttacker was sold for $15 while in 2010, another popular kit named ZeuS 2.0 was advertised for a whopping $8,000 on the underground. The most prevalent attack kits currently are MPack, Neosploit, Nukesploit, P4ck and Phoenix.

ZeuS accounts for about 65% of advertised toolkits. Symantec said in August 2010, it was used to harvest 60 GB of data from 55,000 compromised computers; the kit was used to steal $1 million from UK accounts and $3 million from US bank accounts.

“Earlier, it used to take a longer time to write exploits as hackers had to create their own threats from scratch. Now, attack kits have become accessible leading to a faster proliferation of attacks. The attack kits are being marketed with discounts, free services and guarantees,” vice president of Symante’c India Product Operations Shantanu Ghosh said.

The service-based secondary economy is now booming with post-purchase services enhancing the profitability of toolkit developers. Regular feature updates are provided as well. The security software firm says the frequency of attacks rises when new exploits are released.

No comments: