TechWeb

IT Vigilance Urged To Fight Malware, Bots, Root Kits

Apr 27, 2005 (05:04 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=161601567

Stronger authentication, better firewalls and use of the latest software are needed to battle an expanding Internet threat environment.

At least that is the view of Microsoft's David Aucsmith, architect and CTO, Security Business & Technology Unit. Malware, spam, phishing, spyware, bots and root kits are raking in big bucks and fighting them effectively is a huge challenge, Aucsmith said in a presentation at the Windows Hardware Engineering Conference in Seattle Wednesday.

"We've seen an explosion of criminal enterprise moving onto the Net in the last 18 months or so," he said in describing hacker motivation trends. "It's no longer just for kicks. It is for making money."

Aucsmith offered a bleak prognosis for the future of spam, suggesting that it's become so profitable for the spammers that there's no end to it in sight. Among other ills, spam serves as a gateway for artificially generated web traffic, phishing, identity theft and credential theft. "People are making a lot of money with spam," he said flatly.

Phishing is another huge problem area. Over 60 percent of all Internet users have visited a spoofed site and over 15 percent have been tricked into providing personal data, he said.

In another study of spyware penetration, it was found that 15 percent of corporate machines had keystroke loggers, Aucsmith said, noting that it's "an extremely big cost for us (at Microsoft Corp.) -- dealing with spyware on our boxes."

Bots are quintessential Trojan Horses, he said. They try to disguise that they are there. They have control channels and can communicate back to whoever created them. Some have software update features. Most now have a financial variant. "Bots are very cleverly used now," Aucsmith said. First they become a spam relay. When that gets shut down, they become Distributed Denial of Service facilitators. Later they can become keystroke loggers hunting for financial or software license information.

"70 to 80 percent of all spam comes from bots," he said. "There are your moms' machines, compromised by a bot. They're fairly sophisticated now. A whole collection of them just look for Windows CD keys."

Aucsmith said the "herders" who operate bot networks offer to rent out their bot networks. "They're readily available," he said.

Aucsmith noted major growth in root kits since the launch earlier this year of Microsoft's Anti-Spyware product, which is available as a free download. But he said root kits still pose a significant technical challenge, can defeat anti-spyware products and will continue to offer financial incentives to support spyware and adware.

When fighting these threats, a big problem network security pros encounter is legacy systems, Aucsmith said, noting for example that the security kernel for Windows NT was written before there was a World Wide Web and before TCP/IP was the default communications protocol. Some Windows NT boxes, nonetheless, remain connected to the Web. More recently, the security kernel of Windows Server 2003 was written before buffer overflow tool kits were widely available and Web services were widely used.