Web attacks get personal

Cyber-criminals scan readily-available personal details to find targets

Malware purveyors are increasingly tailoring their virus distribution and attack techniques to take advantage of different classes of end-users, according to researchers with the Internet Security Systems' X-Force team at IBM.

Top experts with the Atlanta-based research operation said that malware writers, phishing scheme operators, and botnet herders are more frequently employing so-called personalization tools to make their attacks more effective.

Much like the online marketing companies that gather bits of information to target advertising at individual Web users, cyber-criminals are creating malware outlets and code executions that scan readily-available details about people's' computing posture to find appropriate recipients for their work.

The approach uses any information that is found to isolate the right attack to deliver based on factors like the particular Web browser or operating system that an individual who being targeted is using.

By combining the more intelligent threat delivery approach with hard-to-detect Trojan, botnet, and cross-site scripting attacks, cutting-edge criminals are finding plenty of ways to take advantage of end users, said Gunter Ollman, director of security strategy for IBM ISS.

"With every Web page request, people send out a header that describes their browser and also tells you what language the request is being made in and sometimes even the cache level of the host it is running on; there's a lot of information in there, including the IP address of the person making the request," Ollman said.

According to X-Force's 2006 annual report on security trends, 30 percent of malicious Web sites were already using personalization techniques by the end of last year. The company said it is expecting that number to grow rapidly in 2007.

"By combining the IP address and all the host details in the browser, we're seeing that attackers build sites that ensure they only use exploits that will work against a specific host," the expert said.

In addition to determining which version of browser or OS software someone is using, many of the attacks can assess what level of security patch a particular program has in place, according to the researcher.

Cyber-criminals are also loading malware-infected Web pages with numerous code execution threats to assault many different aspects of varied sets of users with dozens of pieces of code being served up on a single URL.

Many of the threats are hidden in individual elements of Web pages, including flash files, pdfs and images, which may each contain multiple attacks meant to take advantage of different vulnerabilities.

Ollman said that ISS has also observed that these more advanced malware efforts are also collecting IP address information from end users to ensure that they don't repeatedly send the same threats to their computers. The smartest groups are also trading information about IP addresses known to be used by security researchers to keep their latest work from being discovered.

"If you browse that type of malware site it will serve exploit code, but only try it once; they know that people might start to get suspicious if the same part of a site crashes twice or acts abnormally," said Ollman. "These attackers don't want people to get copies of their new code or to know what sites they have hosting the content; they know that sites get closed down or added to black lists very quickly these days if they're not careful."

Ollman said that most of the exploits do not deliver spyware, but instead pass along smaller files known as droppers that are less likely to be identified by anti-virus systems that sit quietly but then call out across the Internet and draw-in real malware programs.

Many of the eventual spyware programs that are downloaded are even stealthy, the researcher said. The attacks frequently wait until a user opens a specific site or application before springing to life and beginning to intercept users' details, according to ISS's research.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?