NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0098 Hacker Attacks Getting More Personal:

In the same way some e-commerce sites serve up customized content based on a user's profile, cybercriminals are increasingly using personalization techniques to more effectively attack those who visit their web sites. Over the past year or so, the number of malicious sites using personalization techniques has musroomed and today represents a new and disturbing trend, according to IBM's Internet Security Systems X-Force threat analysis group. Unlike older sites that simply served up the same exploit code over and over, the new ones are loaded with multiple exploits and payloads. The sites are crafted to first probe a visitor's browser for specific information, which it then uses to craft a customized attack. For instance, a user who visited a malicious web site using Internet Explorer would be targeted with exploits seeking to take advantage of specific IE flaws, while those running Firefox or Netscape would be targeted with attacks specific to their browser types. The typical payloads include spyware programs and keystroke logging software. According to the X-force 2006 report on security trends, about 30% of malicious web sites at the end of 2006 were using personalization techniques, and the number is growing at the rate of about 1,000 new sites every week. Many of the sites are live for about four or five days before disappearing.

(ComputerWorld 20MAR07)

Last Modified: Friday, 23-Mar-2007 18:17:23 EST