Journal of Emerging Technologies in Web Intelligence Contents

More documents

Recommendations

Info

152 JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 2, NO. 2, MAY 2010Protecting Data From the Cyber Theft – AVirulent Disease1 Dr. S.N. Panda and 2 Vikram Mangla1 Professor & Principal, 2 Assistant Professor1 RIMT-IMCT, Mandi Gobind Garh, Punjab.2 Chitkara Institue of Engineering & Technology, Rajpura, Punjab.1 panda.india@gmail.com, 2 mangla.vikram@gmail.comAbstract - Network security policies are essential elements inInternet security. Network security perimeter devices suchas firewalls, IPSec, and IDS/IPS devices operate based onlocally configured policies. Malware-related data breacheshave reached pandemic proportions as criminals discoverthat Internet crime is easy to commit, highly lucrative, andlargely under-policed. With a few hundred dollars, a cybercriminal can begin a career of breaking into computers tosteal identity and confidential data for sale to the highestbidder. This paper will cover current and emerging trends ofstealth malware, such as moving primarily to the Web sincemost organizations allow Web traffic into the network. Itwill also cover new advances in network securitytechnologies that use multi-phase heuristic and virtualmachine analysis to detect and mitigate the damages thatresult from malware-related data thefts.Index Terms - Network Security, Web Threats, Malware,PhishingI. INTRODUCTIONWith the global connectivity provided by the Internet,network security has gained significant attention inresearch and Industrial communities. Due to theincreasing threats of network attacks, network securitydevices such like firewalls and IPSec gatewaye havebecome important integrated elements not only inenterprise networks but also in small size and homenetworks. Motivated by the lure of profits from the sale ofstolen confidential information, cyber criminals today areshifting to the Web as their chosen attack vector, whichprovides an ideal environment for cyber crime. Malwarerelateddata breaches have reached pandemic proportionsas criminals discover that Internet crime is easy tocommit, highly lucrative, and largely under-policed. Witha few hundred dollars, a cyber criminal can begin a careerof breaking into computers to steal identity andconfidential data for sale to the highest bidder. Fraudsterswho purchase the data have developed a variety ofschemes to monetize that information ranging fromtransacting unauthorized stock trades to transferring fundsto offshore bank accounts. The cyber crime economy is sorobust that there is a vibrant market for professionalmalware toolkits available for $500 to $1,000 and comepre-configured with a range of attack modules, exploit‘maintenance’ updates, and 24 x 7 online technicalsupport.Many Web threats can be deployed unbeknownst to theuser, requiring no additional action than merely opening aWeb page. Large numbers of users, an assortment oftechnologies, and a complex network structure providecriminals with the targets, exploitable weaknesses, andanonymity required for large-scale fraud. Web threatspose a broad range of risks, including financial damages,identity theft, and loss of confidential businessinformation, theft of network resources, damaged brand orpersonal reputation, and erosion of consumer confidencein e-commerce. These high stakes, the pervasive use ofthe Web, and the complexity of protecting against Webthreats combine to form perhaps the greatest challenge toprotecting personal and business information in a decade.In August 2007, a scene played out as cyber criminalsinfiltrated the monster.com job site through “Monster forEmployers” accounts, compromising the personalinformation of 1.6 million users. Many of these users thenreceived official-looking emails, claiming to be frommonster.com and encouraging them to download a “helperapplication” that turned out to be yet more malware.These attacks were well-researched, using familiarlanguage and branding, and coded to transfer data slowly,under the radar of IT administrators looking for suspiciousnetwork traffic.[1] Web threats also include malware thatis downloaded from an email attachment, but accesses theWeb to convey information to the hacker. In 2007,fraudulent emails were sent purporting to be from theFederal Trade Commission. These emails claimed that acomplaint had been filed against the company andcontained an attachment. If the recipient opened theattachment, a keylogging Trojan was deployed thatattempted to steal login information from the user’scomputer and send it back to the hacker. [2].Phishing is a prevalent Web threat, spoofing legitimatecompanies to trick people into providing confidentialinformation. Consumer phishing is wide-spread, sendingemails that spoof organizations like banks and on-lineretailers. These phishing emails often use links to takerecipients to Web sites where confidential information isgathered. Employees can fall victim to these consumerthreats, but phishing can also affect corporations moredirectly. In 2005, phishing emails targeted CEOs andother high-level executives of US credit unions in anattempt to gain control of millions of personal financialrecords. The email messages contained a link to a Website where a Trojan was downloaded. Even one successful© 2010 ACADEMY PUBLISHERdoi:10.4304/jetwi.2.2.152-155
JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 2, NO. 2, MAY 2010 153infection could have caused millions of dollars of damageand caused irreparable harm to hundreds of thousands ofusers through identity and asset theft. [3]But Web threats don’t just steal confidentialinformation; they can also steal network resources.Variations of e-greeting card spam were sent throughout2007. These simple spam messages told recipients that afriend had sent them an e-greeting card and to follow thelink in the email to view the card. If recipients followedthe link, it took them to a Web site that downloadedmalicious code.This code hijacked the computer, turning it into a “bot”and allowing the hackers to use the machine for their ownpurposes—sending spam, hosting malicious Web sites,and much more. Consumer and corporate computers wereinfected by the millions. Hackers network these infectedcomputers to create botnets, stealing resources and furtherperpetuating their fraudulent activities.II. WEB THREATS DEFINEDWeb threats are any threat that uses the Web tofacilitate cyber crime. They are sophisticated in theirmethods, using multiple types of malware and fraud, all ofwhich utilize HTTP or HTTPS protocols, but can alsoemploy other protocols as components of the attack, suchas links in email or IM, or malware in attachments or onservers that access the Web. The creators of such threatsfrequently update Web site content, variants, and malwaretypes in order to evade detection and achieve greatersuccess.Web threats based on malware are hidden within Webpages and victims are infected when they visit the page.Fraudulent sites mimic legitimate business Web sites anduse social engineering to request visitors to discloseconfidential information. Individuals once characterizedas hackers, virus writers, spammers, and spy ware makersare now simply known as cyber criminals with financialprofit their primary aim.Over the last 15 years, information security threatshave evolved through a series of incarnations. In eachcase, malware writers and fraudsters sought out themedium that was most used and least protected (forexample email). Today, a new wave of threats is emergingthat uses the Web as a delivery vehicle. These Web threatsare gaining traction at a time when the Web has become amajor commerce engine as well as social networkingvehicle, with usage continuing to grow.At the same time, the Web is relatively unprotected,compared to messaging for example, as a medium todeliver malware and conduct fraud. According to IDC,“Up to 30% of companies with 500 or more staff havebeen infected as a result of Internet surfing, while only20%-25% of the same companies experienced viruses andworms from emails.” [4]III. WEB THREAT DELIVERY MECHANISMSWeb threats can be divided into two primarycategories, based on delivery method – push and pull.Push based threats use spam, phishing, or other fraudulentmeans to lure a user to a malicious (often spoofed) Website, which then collects information and/or injectsmalware. Push attacks use phishing, DNS poisoning (orpharming), and other means to appear to originate from atrusted source. Their creators have researched their targetwell enough to spoof corporate logos, official Web sitecopy, and other convincing evidence to increase theappearance of authenticity. Precisely-targeted push-basedthreats are often called “spear phishing” to reflect thefocus of their data gathering (“phishing”) attack.Spear phishing typically targets specific individualsand groups for financial gain. In November 2006, amedical center fell victim to a spear phishing attack.Employees of the medical center received an email tellingthem they had been laid off. The email also contained alink that claimed to take the recipient to a careercounseling site. Recipients that followed the link wereinfected by a keylogging Trojan. [5] In other push-basedthreats, malware authors use social engineering such asenticing email subject lines that reference holidays,popular personalities, sports, pornography, world events,and other popular topics to persuade recipients to open theemail and follow links to malicious sites or openattachments with malware that accesses the Web.Pull-based threats are often referred to as “drive-by”threats, since they can affect any visitor, regardless ofprecautions. Pull threat developers infect legitimate Websites, which unknowingly transmit malware to visitors oralter search results to take users to malicious sites. Uponloading the page, the user’s browser passively runs amalware downloader in a hidden HTML frame (IFRAME)without any user interaction. Both push- and pull-basedWeb threat variants target infection at a regional or locallevel (for example, via local language sites aimed atparticular demographics), rather than using the massinfection technique of many earlier malware approaches.These threats typically take advantage of Internet port 80,which is almost always open to permit access to theinformation, communication, and productivity that theWeb affords to employees.IV. TODAY’S INSIDER - THREAT IS STEALTH MALWARELaw enforcement, computer crime experts, and eventhe military are playing catch up to the threat posed toconsumers, businesses, and national security as cybercriminals cash in on stolen identity data, fraudulent onlinetransactions, and cyber espionage. It is no surprise that therise in cyber crime has coincided with the increased use ofthe Internet and especially “Web 2.0” technologies.Web sites and applications now support usercontributedcontent, syndicated content, iframes, thirdpartywidgets (or applets), and convoluted advertisingdistribution networks into which ‘stealth’ malware caneasily be injected somewhere along the line. In a 2007USENIX paper, Google researchers determined thatapproximately 9% of all suspicious web sites launched“drive-by” downloads of stealth malware binaries[12].Government studies[13] estimate that 65% of all exploits© 2010 ACADEMY PUBLISHER
Page 1 and 2:
Journal of Emerging Technologies in
Page 3 and 4:
JOURNAL OF EMERGING TECHNOLOGIES IN
Page 6 and 7:
82 JOURNAL OF EMERGING TECHNOLOGIES
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
100 JOURNAL OF EMERGING TECHNOLOGIE
Page 26 and 27: 102 JOURNAL OF EMERGING TECHNOLOGIE
Page 81 and 82: Aims and ScopeCall for Papers and S
show all

Journal of Emerging Technologies in Web Intelligence Contents

Create successful ePaper yourself

Delete template?

Save as template?