| November 10th, 2007 – Computer consultant John Kenneth Schiefer plead guilty to four felony charges for his involvement in the compromise of as many as a quarter-million PCs. These compromised systems, or bots, were used to steal money and identities. Schiefer was able to control all of these systems, typically referred to as bot herding, from centralized servers to perform any nefarious task that he wished.
November 18th, 2007 – A MSN Trojan spreads throughout the Internet at an alarming rate. The Trojan, an IRC bot that may have been the fi rst to include VNC server scanning capabilities, was transmitted via fi les disguised as photographs from people pretending to be an acquaintance.
November 9th, 2007 – Grammy award winning R&B singer Alicia Keyes has her MySpace page hacked. The attacker placed a rootkit so that unsuspecting fans who visited the site were infected with malware from an exploit site in China. If the system was patched against the exploit then the user was prompted to download and install a special codec.
These incidents are real world examples of malicious software that was installed without the consent of the end user. Unfortunately these examples are a small cross-section of one month in 2007. As scary as this might be - these were only ones that were reported. Not all websites, organizations, and users disclose that their machines were infected or compromised because, let’s face it a compromise looks bad. An advertising fi rm may not want to let their customer know that a competitor may have stolen their fancy new advertising campaign because the fi rm’s database was compromised. A social community website may not want to let their users know that a rootkit was somehow installed on some of their websites because it shows a weakness in their application.
“If the customer knew their campaign was stolen then we might lose the account! We won’t tell them. I’m sure it will be fi ne.” |
|
|
| | | | iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!" -Andrew Sheldon, Director of Evidence Talks, computer forensics experts With iPhone use increasing in business networks, IT and security professionals face a serious... |
|