Web attacks get personal

Cyber-criminals scan readily-available personal details to find targets

Malware purveyors are increasingly tailoring their virus distribution and attack techniques to take advantage of different classes of end-users, according to researchers with the Internet Security Systems' X-Force team at IBM.

Top experts with the Atlanta-based research operation said that malware writers, phishing scheme operators, and botnet herders are more frequently employing so-called personalization tools to make their attacks more effective.

Much like the online marketing companies that gather bits of information to target advertising at individual Web users, cyber-criminals are creating malware outlets and code executions that scan readily available details about people's computing posture to find appropriate recipients for their work.

The approach uses whatever information is found to select the right attack to deliver, based on factors such as the particular Web browser or operating system that the targeted individual is using.

By combining the more intelligent threat delivery approach with hard-to-detect Trojan, botnet, and cross-site scripting attacks, cutting-edge criminals are finding plenty of ways to take advantage of end users, said Gunter Ollman, director of security strategy for IBM ISS.

"With every Web page request, people send out a header that describes their browser and also tells you what language the request is being made in and sometimes even the cache level of the host it is running on; there's a lot of information in there, including the IP address of the person making the request," Ollman said.

According to X-Force's 2006 annual report on security trends, 30 percent of malicious Web sites were already using personalization techniques by the end of last year. The company said it is expecting that number to grow rapidly in 2007.

"By combining the IP address and all the host details in the browser, we're seeing that attackers build sites that ensure they only use exploits that will work against a specific host," the expert said.

In addition to determining which version of browser or OS software someone is using, many of the attacks can assess what level of security patch a particular program has in place, according to the researcher.

Cyber-criminals are also loading malware-infected Web pages with numerous code execution threats aimed at many different kinds of users, with dozens of pieces of code being served up on a single URL.

Many of the threats are hidden in individual elements of Web pages, including Flash files, PDFs and images, each of which may contain multiple attacks meant to take advantage of different vulnerabilities.

Ollman said that ISS has observed that these more advanced malware efforts are also collecting IP address information from end users to ensure that they don't repeatedly send the same threats to their computers. The smartest groups are also trading information about IP addresses known to be used by security researchers to keep their latest work from being discovered.

"If you browse that type of malware site it will serve exploit code, but only try it once; they know that people might start to get suspicious if the same part of a site crashes twice or acts abnormally," said Ollman. "These attackers don't want people to get copies of their new code or to know what sites they have hosting the content; they know that sites get closed down or added to black lists very quickly these days if they're not careful."
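For defenders, the serve-once and per-client behaviour described above is itself a detection signal. The following is an added example, not code from the article or from IBM ISS: it compares crawl observations of the same URL fetched under different client profiles and on repeat visits, and flags URLs whose content changes. The observation format, profile names and hash values are constructed for illustration.

```python
from collections import defaultdict

# Constructed crawl observations (all values made up for illustration):
# (url, client_profile, source_ip, visit_no, hash prefix of the response body)
OBSERVATIONS = [
    ("http://site-a.example/", "ie6-winxp", "198.51.100.10", 1, "aa11"),
    ("http://site-a.example/", "ie6-winxp", "198.51.100.10", 2, "cc33"),
    ("http://site-a.example/", "firefox2-linux", "198.51.100.11", 1, "cc33"),
    ("http://site-b.example/", "ie6-winxp", "198.51.100.10", 1, "dd44"),
    ("http://site-b.example/", "ie6-winxp", "198.51.100.10", 2, "dd44"),
    ("http://site-b.example/", "firefox2-linux", "198.51.100.11", 1, "dd44"),
]

def find_cloaking(observations):
    """Return {url: sorted reasons} for URLs whose content depends on the client."""
    first_visit = defaultdict(dict)  # url -> {profile: body hash on visit 1}
    by_client = defaultdict(dict)    # (url, profile, ip) -> {visit_no: body hash}
    for url, profile, ip, visit, digest in observations:
        by_client[(url, profile, ip)][visit] = digest
        if visit == 1:
            first_visit[url][profile] = digest

    findings = defaultdict(set)
    # Different client profiles receive different content on their first request.
    for url, per_profile in first_visit.items():
        if len(set(per_profile.values())) > 1:
            findings[url].add("varies-by-client-profile")
    # The same client receives different content on a repeat visit (serve-once).
    for (url, _profile, _ip), visits in by_client.items():
        if len(set(visits.values())) > 1:
            findings[url].add("varies-on-repeat-visit")
    return {url: sorted(reasons) for url, reasons in findings.items()}

if __name__ == "__main__":
    for url, reasons in find_cloaking(OBSERVATIONS).items():
        print(url, reasons)
```

Legitimate pages also vary by client and over time (ads, timestamps, mobile layouts), so in practice the hash should be taken over normalized content and a finding treated as a reason for closer analysis, not a verdict.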

Ollman said that most of the exploits do not deliver spyware directly, but instead pass along smaller files known as droppers, which are less likely to be identified by anti-virus systems. The droppers sit quietly, then call out across the Internet and draw in the real malware programs.

Many of the spyware programs that are eventually downloaded are stealthy as well, the researcher said. The attacks frequently wait until a user opens a specific site or application before springing to life and beginning to intercept users' details, according to ISS's research.

Matt Hines

InfoWorld