Can you stamp out spambots? No, but you can help
Michelle Drolet, CEO, Towerwall
The headline reads, “FBI warns of new malware targeting bank accounts," but it could just as well say, “More new victims born from opening emails.”
From the simple act of opening an email and clicking on an attachment, the victim's username and password to their bank accounts are stolen by a process called keylogging, where the info is presto, logged directly from your very fingers as you type in your credentials.
What's scary is that bogus emails can appear to come from someone you know is a legitimate sender. One of today's newest malware variants is called Gameover, and the email transporting the trojan is seemingly sent from the Federal Reserve Bank or the FDIC. Gameover is a modified version of the infamous Zeus malware that never seems to die.
Cyber criminals have grown in sophistication, on par with the largest of organized crime rings.
But let's keep in mind that companies of all sizes are actively taking part in these schemes. I say “actively” because they are aiding and abetting the proliferation of spam botnets, or spambots, without awareness.
Nearly everyone complains about spam, but how many people know that their own PCs are most likely responsible for sending it? Designers of spambots create malware that converts the PCs of unsuspecting internet users into spam-generating zombies. By using a fraction of processing power from thousands of PCs daisy chained together, these spambots manage to send billions of unwanted emails without the PC's owner ever noticing.
A recent example is Rustock. One of the world's largest spambots, Rustock, which has been shut down, infected more than one million PCs and generated 30 to 44 billion unwanted emails -- about 48 percent of all the junk messages sent, according to security company Symantec. Yet few have heard of it.
From individual home users to Fortune 500 companies, countless web citizens are being affected daily. But unlike widely publicized exploits of yore (remember the ILOVEYOU and Melissa worms?), today's spambots prefer to operate in the dark. They actively avoid publicity so the average person doesn't know about them and therefore won't be looking to detect and eradicate them.
Many attack methods successfully avoid detection by traditional security mechanisms. That's because new detection avoidance schemes are increasingly sophisticated. Like something organic and Darwinian, malware can have the power to continuously mutate, changing its signature in the process.
Attackers work to avoid creating recognizable patterns. Often, intruders install backdoors for easy re-entry. There seem to be limitless ways of eluding detection.
Heuristics and fuzzy logic tools may be an improvement, but they are a far cry from meeting the detection needs of most organizations. All of this begs the question, what steps can you take to prevent your organization from becoming the target of an attack? Is there any way to stamp out spambots?
Probably the best way is to put into place a regular vulnerability testing program to identify weaknesses and quickly address those found. These systems basically scan computers and networks to sniff out holes much like professional hackers do. They find backdoors typically left open and unnoticed by other methods.
By conducting regular internal and external vulnerability testing to identify weaknesses, set priorities, and monitor remediation results, your organization will be in a better position to ward off the bad guys.