Security Watch
Phone Malware Threat Grows
Viruses are reaching out and touching someone - everyone.
Malicious Code
Phone malware, particularly Cabir, continues to spread. This appears to be
affecting non-North American countries most severely, possibly due to the types
of phones more predominant abroad (Nokia) or the use of the Symbian OS. Also,
the malware spreads extremely slowly, only able to infect one other system each
time the phone is turned on. Regardless, there certainly is a marked increase
in phone malware activity, and no reason to believe it will lessen before it
gets worse.
This is bound to become a much larger issue than PC infections. Not only are
phones far more common than PCs, the user community has a great deal less technical
knowledge than the average PC user. Unless carriers and phone manufacturers
find a solution that doesn't involve user interaction, we'll likely have phone
malware living much longer than PC malware.
Hacking
It's been reported that there was a significant increase in traffic on port
42 after a proof-of-concept exploit was released for the Microsoft
WINS vulnerability patched by MS04-045. While there may well have been
a spike in traffic, what the various monitoring stations fail to recognize is
the difference between a scan for vulnerable systems and systems actually being
compromised.
This column was originally published in our weekly Security Watch newsletter.
Historically, bots get updated quickly with new exploits when they're released,
and they'll often start scanning the Internet to see if they can find vulnerable
systems. In this case, there are very few vulnerable systems exposed to the
Internet because WINS isn't installed by default, and those systems that do
have a WINS server installed aren't likely to be the type exposed to the
Internet. While not confirmed, it's likely that the spike was due to
already-compromised systems scanning, not new victims being found.
Understanding this difference is important to ensuring your blood pressure
doesn't go up unnecessarily.
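The scan-versus-compromise distinction above can be applied to flow data before reacting to a raw traffic count. The following is an added example, not part of the original column: the flow record layout, the sample records, the WINS server inventory and the scan threshold are all assumptions made for illustration.

```python
from collections import defaultdict

WINS_PORT = 42  # TCP port the reported traffic spike was on

# Constructed flow records: (src, dst, dst_port, handshake_completed, payload_bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 42, False, 0),
    ("198.51.100.7", "192.0.2.11", 42, False, 0),
    ("198.51.100.7", "192.0.2.12", 42, False, 0),
    ("198.51.100.7", "192.0.2.13", 42, False, 0),
    ("203.0.113.5", "192.0.2.20", 42, True, 1840),   # 192.0.2.20 runs WINS
    ("203.0.113.9", "192.0.2.11", 42, False, 0),
    ("203.0.113.9", "192.0.2.30", 80, True, 512),    # unrelated web traffic
]

def triage_port42(flows, wins_servers, scan_threshold=3):
    """Split port-42 sources into scanners, sessions to review, and noise."""
    probed = defaultdict(set)    # src -> destinations that never answered
    sessions = defaultdict(set)  # src -> real WINS servers it exchanged data with
    for src, dst, port, completed, payload in flows:
        if port != WINS_PORT:
            continue
        if completed and payload > 0 and dst in wins_servers:
            sessions[src].add(dst)
        else:
            probed[src].add(dst)
    result = {"scan": [], "review": [], "noise": []}
    for src in sorted(set(probed) | set(sessions)):
        if sessions[src]:
            result["review"].append(src)  # reached a listening WINS service
        elif len(probed[src]) >= scan_threshold:
            result["scan"].append(src)    # wide sweep, nothing answered
        else:
            result["noise"].append(src)
    return result

def port42_flow_count(flows):
    """Raw count a traffic monitor would report as the 'spike'."""
    return sum(1 for f in flows if f[2] == WINS_PORT)

if __name__ == "__main__":
    print(port42_flow_count(SAMPLE_FLOWS))
    print(triage_port42(SAMPLE_FLOWS, wins_servers={"192.0.2.20"}))
```

A source in the "review" list is not proof of compromise; it only identifies which WINS host's patch level and logs are worth checking first.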
Physical
Delta Blood Bank in California had one of two laptops
used to store donor registration information stolen during a donor drive. Some
portion of its database of donors was kept on the machine, compromising information
on tens of thousands of donors. This is an example of the age-old problem where
highly sensitive data is stored on an extremely vulnerable system. Cost and
technical difficulty no doubt led the blood bank to store an image of the database
rather than performing a remote connection to look up information, ignoring
the fact that laptops are so susceptible to theft. Bottom line: Never store
sensitive information on a laptop!
Human Factors
Online shopping was up more than 25 percent over the
holiday season this year compared to the same period in 2003. That's certainly
good news for e-commerce companies, but it could spell doom for their future. That
increase in shopping represents an equal increase in the likely theft of credit
card information, which in turn spells more losses for the credit card companies.
How long can they continue to afford to take the losses due to insecurely maintained
e-commerce sites?
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.