Brian Krebs is a former reporter on the information security beat for The Washington Post who now runs his own Website KrebsOnSecurity.com in Northern Virginia. IN a recent (4/8/2011) blog entitled "Is Your Computer Listed 'For Rent'?" he discusses how hacked and remote-controlled PCs (usually called "zombies" or "bots") are used to support anonymization services that permit paying customers to proxy Internet connections through one or several such compromised computers. Essentially, this technique lets cybercriminals present themselves as someone else who is somewhere else on the Internet, and sometimes even from a well-known and -respected Internet e-mail address. This does more than protect criminal identity; it also makes it easy for cybercrooks to send e-mail in targeted phishing attacks that increase their odds of success thanks to their apparent points of origination.
In this blog posting, Krebs explains how his research into an anonymization service turned up a broker/dealer firm that handles healthcare partnerships for physicians, and a retirement community, both located in Memphis, TN. Other recognizable addresses included PCs in retail locations for a major clothing chain, various hospitals and medical centers, and even a municipal development authority based in Nevada. Additional clean-up attempts have been ordered at the retirement community whose address appeared in the service, even after initial attempts to remove the infection had been undertaken. As Krebs observes at the conclusion of his blog "...it's far easier to keep a PC up to date with the latest security protections than it is to sanitize a computer once a bot takes over."
Small to medium sized businesses that lack full-time IT or security staff can be vulnerable to such takeovers, and should regularly scan their PCs to keep them free of malware of all kinds. Because their identities might be used to launch attacks against business partners or customers, or even for targeted phishing attacks, such organizations are in particular need of vigilance and protection.
Stu Sjouwerman
In this blog posting, Krebs explains how his research into an anonymization service turned up a broker/dealer firm that handles healthcare partnerships for physicians, and a retirement community, both located in Memphis, TN. Other recognizable addresses included PCs in retail locations for a major clothing chain, various hospitals and medical centers, and even a municipal development authority based in Nevada. Additional clean-up attempts have been ordered at the retirement community whose address appeared in the service, even after initial attempts to remove the infection had been undertaken. As Krebs observes at the conclusion of his blog "...it's far easier to keep a PC up to date with the latest security protections than it is to sanitize a computer once a bot takes over."
Small to medium sized businesses that lack full-time IT or security staff can be vulnerable to such takeovers, and should regularly scan their PCs to keep them free of malware of all kinds. Because their identities might be used to launch attacks against business partners or customers, or even for targeted phishing attacks, such organizations are in particular need of vigilance and protection.
Stu Sjouwerman
