Will you walk into my parlour?’ said the spider to the fly.” As anyone who remembers that old children’s poem knows, the fly eventually succumbs, even though it’s fully aware of the threat to its life. Now, web-savvy evildoers are spinning a real-life version of this fable, luring people to visit previously trusted but now compromised sites and applications, infecting their computers in the process.
It’s called a multi-staged attack and, if anything, it proves that wide-scale network worms and denial-of-service attempts are no longer as effective as they once were, according to Symantec Corp.’s latest Internet Security Threat Report. Many companies and consumers have installed effective network defences, such as intrusion detection systems and firewalls, that prevent unwanted access. That’s forced cyber criminals to return to simpler methods such as staged downloads — sometimes known as modular malicious code — as a way to install malevolent programs, rather than try to hack through network defences.
“The difference is that instead of focusing on single threats,” says Dean Turner, director of Symantec’s Global Intelligence Network in Calgary, “we need to be aware that most [attacks] are staged, so we have to be especially mindful of medium- and low-severity threats and, in many circumstances, treat them with higher priority.”
What’s worse is that some of the new malicious programs have apparently been professionally developed and can be bought by others. MPack, for example, a black-market tool kit that lets bad guys launch multi-staged attacks, sells online for about $1,000. Also readily available are phishing packages, which allow hackers to spoof legitimate websites and embed nasty code. During the first half of 2007, 86% of all phishing websites reported to Symantec were hosted on 30% of phishing IP addresses, indicating the widespread use of such tool kits.
It seems that, like the spider, the bad guys are never going to stop trying to catch a few more flies.