- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
San Francisco -- Cybercriminals have created a global business with a supply chain every bit as organized and sophisticated as that of any legitimate business. The difference is that cybercrime takes advantage of unsuspecting consumers and insecure businesses to steal untold amounts of money.
According to security experts and spam fighters speaking at a panel discussion on Wednesday at the RSA Conference, the modern, online criminal ecosystem starts with botnets, which are consumer or college PCs that have been taken over by hackers. A cybercriminal can easily go online and buy a bot-herd. In fact, Joe St. Sauver, manager of security programs at the Internet2 networking consortium and the University of Oregon, said there are 5 million to 5.5 million botnets in active rotation at any time.
Of course, cybercriminals need only a few hundred spambots to send out millions of spam e-mails. Today, a cybercriminal can hire programmers to come up with the latest and greatest types of spam, such as image spam or spam put into PDF attachments. Spammers send test runs through ISPs to see what types of spam get through the easiest, said Larry (who refused to disclose his last name) from the spam-fighting SpamHaus Project.
The types of spam include the traditional "pump and dump" stock-manipulation spam, plus spam for a variety of products. Cybercriminals have become so good at it that they use phishing to fool customers into going to a fake pharmaceutical site and actually fulfill orders for drugs so they can get repeat business. Patrick Peterson of Cisco's IronPort division said this means the cybercriminals have a back-end ecosystem that takes orders, boxes up pills (which may or may not be the pills that the customer ordered) and sends a physical order to the customer.
Larry added that it's easy to get a list of e-mail addresses online. It's easy to get a "spam template" that helps the cybercriminal create the spam message. And there's a program called darkmailer that combines the list of addresses, the spam message and a list of hacked machines. All the cybercriminal has to do is "hit a button," and the program does the rest. "It makes anybody a spammer," he said, adding that he's been fighting spam since he got his first spam message in 1994.
14 years ago, I dealt with somebody like Childs. I was the new manager and the veteran techie knew it...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment