[Dabhand16]

Net criminals shun virus attacks

Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts.
Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets.

The malicious hackers have turned to these methods instead of going to the trouble of hijacking home PCs.

Using these methods the hi-tech criminals have staged some of the biggest attacks security experts have

ever seen.

Attack pattern

For some time the tool of choice for hi-tech criminals has been a botnets of hijacked home PCs.

Botnets are collections of computers under the remote control of a hi-tech criminal.

Botnets are used to relay junk e-mail or spam and as a resource to mine for saleable information such as logins or credit card numbers.

Many botnets are also used to attack other computers in denial of service attacks which try to overwhelm the target server with huge amounts of data.

Computers, usually Windows machines, get enrolled in a botnet when their owners open an e-mail bearing a virus or visit a booby-trapped webpage.

But, said Paul Sop, chief technology officer of security firm Prolexic, some creative criminals have found a way to mount denial of service attacks without hijacking any PCs.


One attack seen by Prolexic in May exploited a popular peer-to-peer or file-sharing network.
Many file-sharing systems use hubs or servers that point people to the right place to download the movies, music and other media they are interested in.

"If a hub was going down for maintenance it would tell people to connect to another one," said Mr Sop.

By exploiting this administrative foible, an attacker was able to bombard a server with traffic from tens of thousands of file-sharers none of whom knew they were taking part in the denial of service attack.

"There's no malware on any of those computers," said Mr Sop which meant the attacks were hard to stop and to defend against.

He added that the file-sharing network attack was one of the biggest and involved gigabits of traffic every second.

Prolexic had also seen attacks that exploit the popularity of a webpage to attack another site or server. On the popular page attackers placed a chunk of Javascript code which told the computers of visitors to bounce data off the target site.

Again, said Mr Sop, no virus or worm was involved but a target site could be saturated with the traffic.

Andre' M. Di Mino, administrator for the Shadowserver Foundation which tracks botnets, said the development was one of many it had seen as malicious hackers sought innovative ways to set up botnets or mount attacks.

"The topologies are varying as we see more P2P and http nets each day," he said. "This is a very growing and troubling trend."

The Shadowserver group had also seen increasing attacks on servers so attackers can booby-trap them to catch out visitors.

"As the servers themselves are compromised, even the most careful end-user is now more vulnerable for infection," he said.

Source: BBC