
I began this week doing a radio interview with WCCO-AM radio’s Suzie Jones, a top-rated talk radio talk show host in Minneapolis. Jones expressed astonishment when I described the many ways her PC can get botted, and her personal data put to fraudulent use.
Jones, or any other average person, would have apoplexy if they could hear what’s being discussed here at San Francisco’s Moscone Convention Center. I’m here with 5,000 CTOs, CIOs and tech security company salesmen roaming around the RSA Security Conference, which we write about in Chapter 18 of ZDT. One veteran conference attendee (a female computer science PhD) just described it to me as “spring break for geeks.”
Here are a couple of quick summaries of interviews I’ve had with tech security experts on the front lines battling cyber crime:
Somesh Jha, chief scientist of Novashield and University of Wisconsin computer science professor: The bad guys are refining malicious programs faster than ever. Tools to obfuscate a particular attack by rapidly morphing it into multiple variants are “amazingly well engineered.” Traditional “signature” anti-virus programs that identify and block new strains “can’t keep up with this new stuff.”
Novashield is fine-tuning a new type of defense that looks for and isolates any unusual instructions from code that tries to communicate with the Windows registry as the user starts up the computer. “I call it a good-guy root kit,” Jha told me.
Novashield’s program is lightweight and designed to run on individual PCs. The company is hoping a big antivirus supplier (think Symantec, McAfee, Trend Micro) decides to bundle Novashield in with its signature-based programs.
Jha says Google banner ads are proving to be a big problem. Crooks use Google’s online services to buy banner ads to get posted on popular web sites. The ads, of course, are tainted; once they appear in your browser, you’re owned.
Sunbelt Software CEO Alex Eckelberry showed me multiple ways bad guys today are manipulating Google search results so that tainted web links slip past email spam filters. The end game is to obfuscate the corrupted web link so nothing tries to stop it from opening a back door and loading up a keystroke logger or banking Trojan (that slickly steals from online accounts) on the unlucky recipient’s hard drive.
One of the main ways crooks are infecting computers is by spreading tainted video files that carry a “fake codec.” This attack began by focusing on porn video but is spreading to videos on MySpace, such as the Alicia Keys exploit.
April 8th, 2008 at 9:59 pm
Can you please explain what you mean by Google banner ads. To my knowledge, Google does not buy or sell banner ads, only AdWords. Are you referring to DoubleClick, Google’s recent acquisition? Even DoubleClick is only an ad-serving engine like many others: Atlas DMT, MediaPlex, 24/7 Real Media. To be sure, these services are used by most major publishers to manage ad serving on their sites.
So the facts are that advertisers/marketers buy media on publishers to place their ads. The publishers use ad-serving technology to serve these ads. Google can take responsibility for the banner ads as much as Amtrak can for transactions on one of its trains.
I really don’t care if this post makes it to your blog, but please check and let your readers know what Somesh Jha means by Google banners.
April 10th, 2008 at 10:27 am
Simon,
My comments are based on a vulnerability based on embedded iFrames. The paper (which has several authors from Google) is going to appear at Usenix Security 2008. The name of the paper is “All Your iFrames Point to Us”. We will have more details when the paper is published. Stay tuned. I will post a summary of the paper when it appears. Needless to say, this is a general vulnerability and not just specific to Google. Of course, since Google is publishing about it, they are definitely worried about it. :-) Stay tuned.
Somesh
April 10th, 2008 at 10:38 am
Simon,
Another thing I wanted to point out. I did not imply any culpability for Google in this matter. In fact, this is just a vulnerability in how the web works and has nothing to do with Google. In fact, this vulnerability can be exploited through any website that displays banner ads, i.e., an attacker can buy banner ads on Best Buy’s website and mount the same attack.
In any case, I will definitely post a summary of the aforementioned paper on my blog when it appears.
Thanks
Somesh
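The attack Jha describes in his comments works because an ad creative is just HTML, so it can carry an iframe that pulls content from a host the publisher never vetted. Below is an added example (not code from the post, from Jha, or from the Usenix paper) of the kind of check a publisher or ad-ops team can run on creatives before serving them: it flags iframes that point off the publisher’s domain, are sized down to a pixel, or are hidden with CSS. The sample creatives, the `example-publisher.com` domain and the heuristics are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample ad creatives for illustration; none are real ads.
SAMPLE_CREATIVES = {
    "benign": '<a href="https://ads.example-publisher.com/click?id=1">'
              '<img src="https://cdn.example-publisher.com/banner.png" width="728" height="90"></a>',
    "hidden_iframe": '<img src="https://cdn.example-publisher.com/banner.png">'
                     '<iframe src="http://third-party.example.net/x.php" width="1" height="1" '
                     'style="visibility:hidden"></iframe>',
    "offscreen_iframe": '<iframe src="https://other.example.org/land" '
                        'style="position:absolute; left:-9999px; width:0; height:0"></iframe>',
}

# CSS patterns commonly used to keep an element out of the viewer's sight.
HIDE_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px|width\s*:\s*0|height\s*:\s*0"
)

class IframeAuditor(HTMLParser):
    """Collects every <iframe> in a creative and records why it looks suspicious."""
    def __init__(self, publisher_domain):
        super().__init__()
        self.publisher_domain = publisher_domain
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        src = a.get("src") or ""
        src_host = urlparse(src).hostname or ""
        if src_host and not src_host.endswith(self.publisher_domain):
            reasons.append(f"third-party src {src_host}")
        try:  # missing width/height attributes are treated as a normal-sized frame
            w, h = int(a.get("width") or 100), int(a.get("height") or 100)
            if w <= 1 or h <= 1:
                reasons.append(f"tiny size {w}x{h}")
        except ValueError:
            pass
        if HIDE_CSS.search((a.get("style") or "").lower()):
            reasons.append("hidden via CSS")
        self.findings.append((src, reasons))

def audit_creative(html, publisher_domain="example-publisher.com"):
    """Return only the iframes that tripped at least one heuristic."""
    auditor = IframeAuditor(publisher_domain)
    auditor.feed(html)
    return [(src, reasons) for src, reasons in auditor.findings if reasons]
```

Running `audit_creative` over the three samples flags the two iframe-bearing creatives and passes the plain image banner; in practice the result feeds a manual review queue rather than an automatic block.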