2007 threat vector: your ass is grass

NetworkMagazine
http://tinyurl.com/22vt8s

The trend is that the attacks are becoming more and more sophisticated
with each passing day...The current trend is of Phishing or for that
matter automated Phishing more commonly known as Pharming. The only
objective of such a attack is to lure you into committing some kind of
error, which might result in the leakage of your personal information.

Today malware such as spyware and Trojans along with keyloggers can be
blended into one threat vector...

[In 2007] the market for zero-day attack code will be more competitive.
This will result in an increase in the number of zero-day attacks and
better attacks on both the client and server-side.

...organized criminals will join forces with the hacker community to
form a more organised cybercrime economy, which buys, sells and trades
hot commodities such as ready made cyber-attack toolkits and exploits
utilising zero-day vulnerabilities. We also feel that Web 2.0 security
issues will escalate as these technologies are being rolled out en
masse with security as an afterthought. It is important for
organizations to have preventive measures in place to protect
themselves from the next wave of increasingly covert and targeted
attacks.

The BOT evolution will continue and evolve again with countermeasures.
Distributed command-and-control and the use of other protocols other
than Internet Relay Chat (IRC) or HTTP will be used to control BOT
networks. Increased use of encryption and custom packing of BOTs will
also occur.

CERT in Australia http://www.auscert.org.au/ has revealed that about 70
percent of malicious code will get past anti-virus software today
because it just won’t be noticed and also because most solutions are
not equipped to check the malicious contents and codes...

"George Orwell" wrote:

> The current trend is of Phishing or for that matter automated
> Phishing more commonly known as Pharming.

Pharming is about DNS hijacking.

> ..organized criminals will join forces with the hacker community to
> form a more organised cybercrime economy, which buys, sells and trades
> hot commodities such as ready made cyber-attack toolkits and exploits
> utilising zero-day vulnerabilities.

Old news. It's been going on for some time.

Ant wrote:
> "George Orwell" wrote:
>
>> The current trend is of Phishing or for that matter automated
>> Phishing more commonly known as Pharming.
>
> Pharming is about DNS hijacking.

good catch... sometimes i wonder who they get to write these things...

i wonder what non-automated phishing looks like... are the pages on the
phishing site served by humans instead of a webserver?

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

"kurt wismer" wrote:

> Ant wrote:
>> "George Orwell" wrote:
>>> The current trend is of Phishing or for that matter automated
>>> Phishing more commonly known as Pharming.
>>
>> Pharming is about DNS hijacking.
>
> good catch... sometimes i wonder who they get to write these things...

It's supposedly what a VP of Websense said to a journalist at Network
Magazine (India). Websense security labs will (surely?) understand the
relationship between pharming and phishing but perhaps their VP was
misinformed or was trying to dumb-down.

> i wonder what non-automated phishing looks like... are the pages on the
> phishing site served by humans instead of a webserver?

LOL. A personal service -- and before they take your money they say
"would you like phries with that?".