Growth of the Underground Cybercrime Economy

AC50 writes "According to research from Trend Micro's TrendLabs, compromised Web sites are gaining in importance on malicious sites created specifically by cyber-criminals. The research debunks the conventional wisdom about not visiting questionable sites, because even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware."

  • No kidding! (Score:1, Interesting)

    by Anonymous Coward on Thursday February 21, 2008 @02:33AM (#22499370)
    "...even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware." I've been telling my users this forever. Some of them just don't have the mind set or skills to fend off the malware, which is part of why I have a job. It's all about locking down the computer. Of course, this is a sliding scale. Lock it down enough to totally (possible??) protect it, and the user can't do many of the usual tasks. Leave it open to being able to work, and you have security holes. I've always been a fan of sandboxing, but it's still too complex for the usual user. If the user makes changes that need to be stable, then how do they commit them without risking infection from some malware they've picked up in the process? Security is a moving target and we must always be ready to recover from an incident, no matter how secure we THINK our computers are. It's a dirty world out there, as this article ably demonstrates.
  • by Architect_sasyr ( 938685 ) on Thursday February 21, 2008 @02:43AM (#22499432)
    An interesting feature of Google that I've always liked is the "This page may harm your computer" or whatever they put on dangerous links. I wonder how viable it would be to have a Firefox plugin that did something similar. Not so much the patching of the bugs, but maybe some sort of distributed (P2P) system that says "Yep, this is dangerous, we ain't patched it yet, so go there if you like but we don't recommend it"

    Might help out, might not. If I had something like that running in my company I reckon I could reduce half the problems (as opposed to making the proxy server do all the work).
  • The Power of Google (Score:5, Interesting)

    by TubeSteak ( 669689 ) on Thursday February 21, 2008 @02:55AM (#22499516) Journal
    http://www.google.com/search?q=site:.edu+viagra [google.com]
    http://www.google.com/search?q=site:.gov+viagra [google.com]
    Only two pwned sites in the top 10 for .gov
    It'd be ironic if idtheft.utah.gov was handing out malware.

    Replace viagra with other spamwords & you'll get more of the same

  • by TubeSteak ( 669689 ) on Thursday February 21, 2008 @03:09AM (#22499588) Journal
    I hate replying to my own comments, but the States seem to be doing a much poorer job than the Federal Government.

    http://www.google.com/search?q=site:k12.ny.us+viagra [google.com]
    That brings up pwned K-12 school websites from New York

    http://www.google.com/search?q=site:.ny.us+ringtones [google.com]
    This frequently brings up state websites
    EG: New York State's Division of Military and Naval Affairs website has been exploited.

    I don't mean to pick on New York, but they seem to be worse than many other States.
    Replace .NY. with your state's abbreviation
  • by mlts ( 1038732 ) * on Thursday February 21, 2008 @03:37AM (#22499706)
    I think as time goes on, perhaps the best way to browse the Web is having a virtual machine running under a dedicated, locked down user, so if the OS in the VM is compromised, an unknown exploit that might let malware out of the VM to compromise the host would be stopped. It's not 100%, but it seems to be the best way of doing things. Of course, the Web browser should have Noscript and Adblock functionality for a lock on the front door.

    Eventually, I wonder if the Web browser should be completely enclosed in its own VM, where it doesn't require an explicit launching of a client OS, perhaps similar to how Thinstall wraps applications so all changes are only written to a sandbox directory. Vista's protected mode in IE7 is a start, where IE7 does not have access to the full Registry, but more separated from the rest of the machine with limits on CPU and other resources.
  • Re:Windows XP SP3 (Score:3, Interesting)

    by sumdumass ( 711423 ) on Thursday February 21, 2008 @03:55AM (#22499778) Journal

    They never heed the requests to install updates and reboot, since that takes so long. Then when their machine slows to a crawl with adware, they ask us to fix them. And in other cases, their computers join a botnet and spam us all.
    This might be more because they have had an experience where an update broke their computer or some app. This is probably especially true when SP2 came around because of its ability to fail and render the computer useless if certain Spyware has been installed. They might have fixed that bug, but I was stuck restoring a lot of computers for suckers who had automatic updates on and clicked go ahead when SP2 was offered.

    And I say suckers not because they installed SP2, but because they had so much spyware that it could actually cause sp2 to fail and leave them without a working computer. I don't know if it still is that way or not. But it was a problem when it first came out. I also have a couple printers and some barcode readers fail on sp2 or an update right around that time. Yea, basically a serial connection fails to work and needed to be replaced with a newer version to run in XPsp2. I don't know what they were doing with the Barcode reader that required that much of a tie in to XP that a service pack or an update could break its operation. But anyways, things breaking is probably a more valid reason these people are gun shy than just laziness. Although, I wouldn't completely discount laziness.
  • No news is old news (Score:2, Interesting)

    by Anonymous Coward on Thursday February 21, 2008 @04:48AM (#22499962)
    Noughtly, disclaimer: I work for a Trend competitor.

    Firstly, everyone in this market puts out these sorts of research reports - monthly, quarterly, annually, it varies - partly to inform and educate, but mostly for the PR value. Of course everyone sees much the same threat environment, so they're all much of a muchness, PR spin notwithstanding. I don't see my employers' annual threat survey on the Slashdot front page; hmmmm, maybe I should submit it? Or maybe not...

    Secondly - "serve forth" PUH-leassseee... just reminds me of the great UK rapper Silver Bullet and his popular number, "Bring Forth the Guillotine! [wikipedia.org]" from 89. Oh hey, look, anti-virus software... silver bullet... myth... hmmmm.

  • by red star hardkore ( 1242136 ) on Thursday February 21, 2008 @06:03AM (#22500274)
    Kind of hard to progress also when you wake up some morning and find your life savings have been transferred to some dodgy account in Russia. It isn't fleeing in terror, it's putting a hold on things until developers realise that security is as important as functionality.
  • Re:Windows XP SP3 (Score:3, Interesting)

    by cerberusss ( 660701 ) on Thursday February 21, 2008 @07:54AM (#22500776) Journal
    You're modded funny, but when a new Dell Vostro costs $299 and the machine is more than 2 years old, then it might be worth it.
