Bandits in the Browsers

Reprinted from The Triangle Technical Journal

Just when you think that Web surfing is safe, think again. According to a report from the Computer Technology Industry Association (CompTIA), browser-based security attacks are on the rise and are anticipated to be “the next significant security threat to IT operations.” A browser-based security attack is defined as malicious code contained within a Web page (or HTML email) that appears harmless. The attacker uses the browser and user systems to sabotage or disrupt computer functionality.

To quantify the impact of such havoc on today’s technology, consider the following:

  • The number of reported viruses or worms attacking Windows systems was nearly 4500 during the first half of 2004 – a 450 percent increase over the same period in 2003. Though worms rarely attack via Web browsers, viruses are often borne via email and attack weaknesses in the Web page rendering systems used by HTML email clients and browsers alike.
  • Over 70 percent of all email in July 2004 was spam – and 60 percent of all spam sent originates from computers infected with worms or viruses.
  • Nearly 2,000 new phishing scams were reported in July 2004.

    Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a bogus but very legitimate looking Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers – information that the legitimate business already has. Bugs in the browser or email client make it possible for the “phisher” to hide their true URL from the end user.

  • Installations of spyware and adware are exploding – over 14 million instances were reported in March 2004, up from less than 2 million in August 2003.

    Spyware is any software that covertly gathers user information through the user’s Internet connection without his knowledge. Spyware has the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, install other spyware programs, read cookies, change the default home page on the Web browser, and gather information about passwords, credit card information, and email addresses – all the while consistently relaying this information back to the spyware author.

    Adware is a form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user’s browsing patterns.

As you can see, the Internet is not as friendly as it was once thought to be. Today, it is populated with criminals who have moved from the simple deviltry of erasing hard drives to the criminal activity of identity theft. And they’re not acting alone – they are finding that banding together to leverage each other’s skills is proving more profitable. Recently, through an ordinary Google search, the Secret Service found and subsequently shut down ShadowCrew, an online shopping bazaar where criminals would buy and sell credit card numbers and identity documents. In total, approximately 4,000 criminals participated on the ShadowCrew site, and thefts were predicted to reach an estimated $1 billion if the site had not been shut down.

So how do you fight back? First, you need to clean up your computer; then you need to maintain that protection.

To clean up your computer, perform the following:

  1. Use an anti-virus software application to scan your computer for viruses, worms, and trojans. Scanning your computer can take from 15 minutes to an hour, depending on your system. Keep your antivirus software current! New variants are discovered “in the wild” at the rate of several a day, and all it takes is for one of them to defeat your outdated antivirus patterns.
  2. In dealing with adware and spyware, the first step is to perform an online scan to detect any resident adware or spyware. A scan can be done through Once detected, adware and spyware can be removed through any of the following programs: Ad-Aware, Microsoft’s AntiSpyware, and Spybot Search and Destroy. Once you have installed a program, plan to get updates and run it regularly. To minimize attacks of adware and spyware, it is also a good idea to block pop-up windows.
  3. Download and apply all browser and Windows patches. If you’re using IE, you can download Microsoft patches by going to Tools-Windows Update in your browser window. Check for browser patches regularly, and check for system security updates at least once a week. It is an important security practice to use an up-to-date browser, install all the latest browser patches, and keep your computer’s operating system patched and up-to-date.
  4. Consider installing an Internet security suite. This is the latest offering from antivirus software vendors – an “all-in-one” application that combines antivirus, spam filtering, a personal firewall, intrusion detection, and adware/spyware filtering.
  5. Consider installing and using a different browser. Because IE accounts for more than 95 percent of the browser market, and because it is sadly very insecure, most cyberbandits target it more heavily than other browsers. An alternative to IE that is worth investigating is the Mozilla Foundation’s Firefox.

    If it is not possible to switch from IE, then you should set its security level to High. Since setting the level to High may cause some websites to work improperly, you can add sites that you know are safe to use to your list of trusted sites. This will allow the site to work properly even with the High security setting.

  6. Add a firewall to your Internet connection. A firewall is a system designed to prevent unauthorized access to and from a private network. It can be implemented in hardware, in software, or in a combination of both. When you connect to a website or send or receive email, the traffic passes through the firewall, which examines each request and message and blocks those that do not meet the specified security criteria.

And after you’ve “cleaned house,” it’s imperative to maintain this protection.

  1. Configure your Internet security suite and/or antivirus software for regular (and frequent!) updates and keep your subscription active.
  2. Apply all available operating system patches. Windows can be configured to download updates automatically. It is imperative to keep your system as up to date as possible.
  3. Back up your data regularly. If your computer is infected to the point that you need to reinstall all of your software, a backup can be the lifesaver for your data.
  4. Be suspicious! Don’t give your trust (and potentially your identity, bank account number, and ultimately, your moola) away! If you frequent websites that request your email address to send you announcements and special offers, then expect to receive lots of attention. Be suspicious of any email requesting personal information. Expect that some files downloaded from websites are infected with viruses. Assume that every email attachment from an unknown source is infected. And use the tools recommended to keep your computer protected.

As we all know, the issue of information security is dependent on the actions that we, as users, take. If we don’t do everything within our power to protect our information, we are the biggest part of the problem. Therefore, it is ultimately our responsibility to take advantage of the tools and processes available to identify and clean up problems and establish a level of security required to protect our data.