Network News

X My Profile
View More Activity

Welcome to Security Fix

This blog is about safe computing -- providing you with tips, advice and how-tos to help you keep your computer free of viruses, spyware, adware and other online scourges. More importantly, it will remind you again and again that remaining secure online is a continuous process. You need to keep yourself aware of all the current threats, the latest software patches, the e-mail scam that could give ID thieves access to your bank accounts and more.

The main point is this: Securing your computer and safeguarding your personal information is not some set-it-and-forget-it, one-time exercise. Regular computer users can hardly be blamed if they thought it was. The advice to home computer users has been the same for years: If you want to fortify your system to keep out online threats, install anti-virus and personal firewall software.

While more and more Americans have started practicing better computer security, criminals have correspondingly improved their methods, perfecting innovative ways to trick users into inviting them onto their computers.

To use an old analogy, it's a constant game of cat and mouse -- and we're the mice. For example, e-mail worms like "Bagle," "Mydoom," and "Netsky" infected thousands of computers last year, each because it succeeded in getting recipients to open an attached file that harbored the virus. Hundreds of worms of this type emerged in 2004, and most were designed to disable security software on infected computers and install programs that configured the machines to help spread future junk e-mail campaigns and phishing scams.

My reporting on phishing over the past six months showed how hacking has evolved from the stereotypical teenager trying to deface a Website for fun to organized networks of criminals focused on stealing your personal financial information.

Not long ago, malicious hackers tended to operate in groups not unlike traditional street gangs; they typically used compromised computers to attack each other in petty online turf battles. Hacker gangs also spent a great deal of their energy spreading the equivalent of digital graffiti by defacing as many Web sites as possible with inane or patently offensive messages.

Today's hacker gangs, by comparison, operate more like the Mafia; they consist of loose affiliations of experienced criminals, including spammers, virus writers and online scam artists. Sure, different online crime families still battle for online turf -- as evidenced by the publicly declared virus war between the authors of the Mydoom, Bagleand Netsky worms.

But like true organized criminals, these groups share a singular motivation -- profit.

One telling indicator of that shift came at the close of 2004 with the conclusion of a study by the Honeynet Project, an international volunteer research organization that intentionally places computers in harm's way on the Internet to gain intelligence about the latest methods hackers are using to break into PCs.

Computers running Microsoft Windows have always been a favorite target for attackers, but last year brought a new speed record for the amount of time it takes for an unprotected Windows machine to become compromised by a virus, worm or online attacker. Two years ago, that window of time was roughly 24 hours. Last year, the life expectancy of aWindows machine unguarded by software security patches and a firewallshrunk to less than 20 minutes.

But the Honeynet Project found a reversal of that trend for computers powered by open-source operating systems like Linux. In 2002, anunprotected Linux computer was compromised within roughly 72 hours of being exposed to the Internet. When the project tried the same experiment again late last year, it took a whopping three months for attackers to get around to compromising the Linux machines.

Honeynet Project founder Lance Spitzner said the results provide important insight into the motivations of today's online criminals.

"The bad guys used to go after Linux machines because it was considered more of a challenge, but these guys aren't interested in hacking computers for fun anymore," he said. "They know that the average [Windows computer] has gotten more secure, so now they're hacking the user ... for money."

So stay tuned to Security Fix for daily updates on computer security.If you have specific questions or see something online that you think this blog should address, send a message my way. I'll do my best to find an answer to your problems or to point you to places where you can get the appropriate assistance.

Brian Krebs

By Brian Krebs  |  March 30, 2005; 1:45 PM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: About This Blog
Next: New Worm, Old Tricks

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company