Business Daily from THE HINDU group of publications
Monday, Jun 04, 2007
ePaper
eWorld
Features
Stocks
Cross Currency
Shipping
Archives
Google

Group Sites

 eWorld - Interview
Info-Tech - Security
Beware malware

R. Savitha

The cyberspace security expert on what to watch out for.

Banks will never ever ask their customers to confirm details in an online form.


Patrik Runald

Cyberspace is getting more and more interesting - and less and less safe. eWorld sounded out Patrik Runald, Senior Security Specialist at F Secure Security Labs, for his take on the scene. Excerpts from the chat:

What is the current picture on the cyber crime front?

From January 1 2007, to around the first week of this month, we've added detection for 51,934 new pieces of malware.

During 2006, we added detection for approximately 1,00,000 malware and in 2005 for 50,000. It is very likely that by the end of the year we will have added detection for almost 2,00,000 new pieces of malware.

During the first four months of 2006, we saw a large number of spammed trojans such as Nurech, BZub, Stormy, Zhelatin and Warezov. Some of them used mails based on love-themes to trick users into running them; others used mails resembling bills.

All these are aimed at building botnets, which later are used for spamming, phishing, etc. And all of them are malicious.

How does the individual/company counter this?

We need to raise user awareness and continuously explain that unwanted e-mails with attachments shouldn't be executed. We should continuously remind users that they have to run a firewall, antivirus software and update their system installation at least once every month.

We should also raise user awareness about phishing and let them know that banks will never ever ask customers to confirm their details in an online form. They will never e-mail their customers to make them aware of suspicious activity on their accounts.

Banks will call their customers if something like this was in the air.

But this message does not reach the user unless we educate the online community constantly, including those climbing on for the first time.

A second alternative might be a more secure Operating System. Again, this would help but how can the OS protect a user from willingly giving away his credit card details?

And catching the bad guys is not easy. Just imagine this. A trojan is being developed in Europe. That Trojan is being distributed on a Web site in the US using a vulnerability in the Web browser.

The same trojan, once installed on a PC somewhere in the world, will connect to a Web server in Brazil to download additional components to install, among other things, a keylogger.

That keylogger will send online bank login credentials found on the system to a mailbox in India. The information gathered from the infected PCs is later sold to a person in Spain. Sounds complicated?

It is and just imagine the trouble law enforcement agencies face to make an arrest.

And if they do, by which countries' laws should they prosecute? The above example is a real one and there are hundreds of these cases every week. So how can we get better at security?

Through training and advice. Industry needs to further develop the ties it has with law enforcement.

The police are the users that need the skills to recognise computer crime and learn how to obtain important information to build a case. Only then will they be able to find and break the weak link in the chain.

We should also create forums and non-profit organisations where the private and public sector can come together and share information. The FBI, in the US, has such a forum based in Philadelphia and apparently it works great but we need to do this outside of the US as well. We need to put a stop to the bad guys now, before things go out of hand.

India already has a cyber crime cell. How else do we deepen focus?

Internet service providers (ISPs) can do more and we need more international co-operation.

For example, the basic security an ISP should offer is that all e-mails coming to users should be scanned for viruses, spam and phishing. In addition, they can increase security by identifying infected machines in their networks.

There are solutions available that do the above-mentioned activities with ease and efficiency and those technologies should be deployed.

ISPs should also offer security software to their end-users.

In addition, international co-operation is key to succeeding in the fight against cyber criminals. We need to share information between vendors, organisations and law enforcement authorities.

savitharin@gmail.com

More Stories on : Interview | Security

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
The high and low of IT

Friendly neighbourhood Wi-Fi
Of bits and qubits
`Unlocking IP of diverse business units is key challenge'
Display setting, back-up devices
`More budgets opening up'
Beware malware
On the laser track
Surf with care
Quiz
Cartoon

The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line