Internet Security Is Losing The Online War

Despite the efforts of the computer security industry, malicious software is reportedly spreading faster than ever and security researchers have acknowledged that they cannot seem to get ahead of the onslaught.

Internet security is broken and it appears that nobody knows quite how to fix it. This so-called malware surreptitiously takes over a PC then uses it to spread more malware to other machines exponentially. (Source: informationweek.com)

A conservative estimate by the Organization for Security and Cooperation in Europe says that as more businesses and people move onto the Web, criminals thriving on a sleazy economy of credit card thefts, bank fraud and other scams rob computer users of $100 billion a year. Criminals have built a well-financed computer underground by working in countries that have global Internet connections with authorities who have no desire to prosecute offenders. These criminals are bringing in significant amounts of foreign currency.

Researchers from the Georgia Tech Information Security Center reported that the percentage of online computers worldwide infected by botnets is likely to increase to 15 percent by the end of this year, up from 10 percent in 2007. Research compiled by PandaLabs suggests that a staggering number of infected computers, as many as 10 million, are being used to distribute spam and malware over the Internet each day. Because botnets distribute malware like worms, programs that are still relatively invisible to commercial antivirus software moves from computer to computer. Security researchers concede that their efforts are largely an exercise in futility.

Bruce Schneier, chief security technology officer for British Telecom, said that modern worms are stealthier and professionally written, that criminals have gone upmarket, and they're organized and international because there is real money to be made.

Criminals keep improving their malware and the sophistication of the programs in the last two years has begun to give them almost lifelike capabilities. For example, malware programs now infect computers and then routinely use their own antivirus capabilities to not only disable antivirus software but also remove competing malware programs.

Microsoft anti-malware researchers recently disassembled an infecting program and were stunned to discover that it was programmed to turn on the Windows Update feature after it took over the user's computers --- ensuring that it was protected from other criminal attackers. Microsoft has monitored a 43 percent jump in malware removed from Windows computers just in the last six months.

But there is a deeper impact than the billions of dollars lost in money and data. Many Internet executives fear that basic trust in what has become the foundation of 21st century commerce is rapidly eroding. Since more people depend on the Internet for a wide range of applications, including dealing with financial institutions, and the more we deal with those types of systems, the more vulnerable we become.

Cyber-criminals appear to be at least as technically advanced as the most sophisticated software companies, and they're faster and more flexible. As Windows and Macintosh become more secure, attackers have moved on to Web browsers and Internet-connected programs like Adobe Flash and Apple QuickTime to infect computers via 'drive-by downloads,' as they try to induce more users into clicking on web links contained in email messages to infect their computers.

Computer security firms have begun shifting from traditional antivirus program designs to web-based services which can be updated faster than antivirus programs installed on a user's computer because the global cycle of distributing security patches inevitably plays to the advantage of cyber-criminals who continually hunt for and exploit new backdoors and weaknesses in systems. Right now it appears that the bad guys are improving more quickly than the good guys.

BotHunter is a free passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter than you can use to check your computer for botnets. BotHunter is available from BotHunter.net (Source: bothunter.net)

Visit Bill's Links and More for more great tips, just like this one!