Study: New Attacks Use Old Tricks

If there's one thing that last month's attacks against public sector sites in both the United States and South Korea demonstrated, it's that the exploits of the past often come back to haunt us.

The July 4 attacks, for example, used code that had been recycled from the notorious MyDoom worm.

Security experts warn that many shops aren't adequately protected against the exploits of old. Not surprisingly, the recurrence of exploit throwbacks -- in some cases, extremely old exploit throwbacks, as seen in the reappearance of the infamous Code Red worm -- is one of the more intriguing angles in the new mid-year security trends report from Symantec Corp.

"In the first half of 2009, some of the more recent and highly publicized threats incorporated attack methods used in previous years. The large-scale distribution of a small number of threats that were characteristic of the Code Red and Nimda attacks were components of the attack techniques employed by the Koobface worm, which continues to propagate via social networks, and the Conficker worm, one of the most complex and widely spread threats to hit the Internet in several years," wrote security researchers in Symantec's "Security Trends -- 2009 Mid-Year Update" report.

In 2008's year-end security forecast, Symantec had predicted that economic concerns would spur a good chunk of exploit activity this year. Although that has been the case, Symantec researchers conceded that it can't account for all exploit activity. July's distributed denial-of-service (DDoS) attacks, for example, appear to have had no financial motives.

"Similar to attacks seen in previous years, the purpose behind the recent Trojan.Dozer distributed denial of service...attacks appears to be notoriety and/or mischief," the report said.

Not surprisingly, of course, Symantec researchers have a somewhat self-serving take on the phenomenon of re-emerging exploit activity: Companies should consider investing in multi-tiered security defense assets.

"As older attack techniques continue to resurface in current threats, we believe that a multi-layered defense combining traditional detection methods with complementary detection such as reputation-based security models will be essential," the report said.

The July DDoS attacks were comparatively unsophisticated in both their construction (they used recycled code from the former MyDoom worm) and their intensity (attack victims were targeted by a relatively modest packet storm). This doesn't mean that security exploits are becoming less sophisticated, however. Savvy attackers continue to hone their craft, Symantec researchers said, citing an uptick in attack methods that imitate legitimate business practices. This is particularly true in the burgeoning "scareware" segment.

"Today's attackers are increasingly sophisticated and organized, and continue to employ deceptive methods that imitate traditional business practices. Malicious ads or 'malvertisements,' usually in the form of 'flash' ads, redirect the user to fake scan Web pages. Mainstream Web sites, as well as less reputable sites, are susceptible to these threats," the report said, citing the rising popularity of "scareware" exploits (e.g., fake malware or anti-virus "scanners") that identify bogus infections and then offer to "clean" a user's computer.

"The goal is to try to lure the user into buying the fake product, which promises to clean up all of those made-up threats. Those who fall for the bait are usually redirected to an order page, where they are lured for payment."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.
