Beware of 'blended threats,' phishing zombies in 2008

Combined online security attacks set to become more prevalent in 2008

"Blended threats" - online security attacks that combine several techniques - are likely to become more pervasive in 2008, security industry insiders say.

Such threats are already "gaining momentum", according to security managed services provider MX Logic.

Blended threats reveal how malware distribution has become a "business model in the underground community," the security firm said in its '2008 Cyber Threats Predictions' document.

These threats are particularly insidious because they use multiple strategies to exploit known vulnerabilities - for instance, combining facets of hacking, computer-worm and denial-of-service attacks.

This "combo" approach enables the attack to spread quickly and cause huge damage in a short time.

MX Logic cites an example of how this could work in practice.

"A cyber criminal using a blended threat [could] install a key logger on to a PC that captures personal information while he or she simultaneously turns the machine into a spam zombie that pumps out thousands of unsolicited messages claiming to be from brands like Viagra and Rolex."

In this scenario personal information can be sold for a profit, while the hacker also makes money selling time on a captured PC to spammers.

Another security expert, though, takes a different view on the issue.

"By our definition, almost every threat is a blended threat," manager of security response at Symantec, Marc Fossi, said. "It's like when Trojans from a malicious website install themselves on a user's PC."

He said this phenomenon is not new but it would continue. "And we'll see greater numbers of this."

Zombies go phishing

Increased sophistication among hacker gangs is likely to manifest itself in other ways as well.

For instance, Symantec in a document titled Trends to Watch in 2008 has predicted a "bot evolution" where we're likely to see phishing sites hosted by bot zombies.

"It's basically about automating [the process of] setting up phishing sites," Symantec's Fossi said.

In this scenario, he said, a bot master would use the bot to host the actual phishing Web pages and relay phishing email messages out because of the automated nature of bots.

"They could easily have several phishing sites set up simultaneously," he said.

He said today, typically, many cyber crooks would compromise a computer or find free Web hosting to set up their phishing site. "When the site is taken down they would compromise another computer or a new Web host to set up an account on."

But Fossi said if scamsters use a bot-compromised computer, it's very easy for them to set up multiple sites at once, or to set up one site, and as soon as that gets taken down, to automatically set up a new one on another bot.

"It's the redundancy factor for them. It's almost like a failover mechanism," he said.

Both MX Logic and Symantec have predicted the increase in Web services will pave the way for advanced cyber attacks via the Web browser.

"The Web browser is an appealing alternative for cyber crooks to push malware through email because it prompts the user to pull malware from a website," the MX Logic Cyber Threat predictions report notes.

It said the social engineering possibilities are countless, as vulnerabilities within Internet Explorer and Firefox continue to be exploited. "In 2007," it said, "the MX Logic Threat Operations Centre recorded dramatic spikes in the number of Web-based threats."

Symantec too expects the number of new Web-based threats to increase, as browsers continue to converge on a uniform interpretation standard for scripting languages, such as Java.

Browser blast

"Say every Web browser is using the same Web code to interpret Java off a range of Web sites. Then a single vulnerability in that interpreter would affect all the browsers. The attacker would then be able to compromise a wide variety of hosts with a single exploit," Fossi said.

He contrasted that with the infamous MPack attack from earlier in 2007, involving a kit of professionally written PHP software components (dubbed MPack) designed to be hosted and run from a PHP server with a database backend.

MPack, Fossi recalled, implemented different exploit modules. "When users would go to the website it would try them one by one. The idea was really to affect the most users that it could."

But with more convergence, such a site would need only one exploit, which it could use against every visitor.

2.0 jeopardy

With the media spotlight today on new and compelling Web 2.0 applications, security insiders say that in 2008 social networking sites will continue to serve as a breeding ground for a range of security threats.

MX Logic predicted cyber criminals will "seek new and more sophisticated ways to exploit social networking sites such as Facebook and MySpace".

The company's threat research team is already seeing instances of this new direction via blog spam and phishing. It predicted "information looting through interactive communities" will become a common practice next year.

"In 2007, cyber criminals firmly established their intentions to focus on Web 2.0 applications," director of threat management at MX Logic, Sam Masiello, said.

"This trend, coupled with combined threats distributed through botnets, will reach critical mass in 2008."

Security - a balancing act

At least one Canadian analyst, however, questioned the relevance of such prognostications.

"How meaningful is it to say the threat landscape is changing this way or that when many organisations still need to take care of the fundamentals?" director of Canadian security and software research at IDC, David Senf, said.

He said there are basic things companies here need to do. "For instance, if you have USB keys left around your company with all sorts of unencrypted and unprotected data, that's one gaping hole that needs to be closed," he said.

He said organisations needed to look at the internal threats first, while also exercising vigilance against external threats.

Part of the problem, Senf said, is that security is not a high priority.

"Ask senior business execs and they would tell you their priority is reaching out to that next customer, getting the product features right," he said. CIOs too are attempting to balance a bunch of different priorities.

While it wouldn't be realistic to say organisations should focus entirely on security, it's clear that they should devote more attention to it, at least from a risk-assessment perspective, the IDC analyst said.

Senf said, of necessity, there would be huge differences in the security policies, practices and priorities of companies.

He said companies need to first identify which assets they are defending and where those assets sit, and that would tell them what they need to be concerned about.

"Just because you learn about the latest attack vector doesn't mean your organisation needs to change its security policies, and strategy," he said. "The number one should be around employee training - and effective policy riding on how data is handled by employees. That's certainly where a lot of the problems come from."


Joaquim P. Menezes
