Beware of 'blended threats,' phishing zombies in 2008

Combined online security attacks set to become more prevalent in 2008

"Blended threats" - online security attacks that combine several techniques - are likely to become more pervasive in 2008, security industry insiders say.

Such threats are already "gaining momentum", according to security managed services provider MX Logic.

Blended threats reveal how malware distribution has become a "business model in the underground community," the security firm said in its '2008 Cyber Threats Predictions' document.

These threats are particularly insidious because they use multiple strategies to exploit known vulnerabilities - for instance, combining facets of hacking, computer-worm and denial-of-service attacks.

This "combo" approach enables the attack to spread quickly and cause huge damage in a short time.

MX Logic cites an example of how this could work in practice.

"A cyber criminal using a blended threat [could] install a key logger on to a PC that captures personal information while he or she simultaneously turns the machine into a spam zombie that pumps out thousands of unsolicited messages claiming to be from brands like Viagra and Rolex."

In this scenario personal information can be sold for a profit, while the hacker also makes money selling time on a captured PC to spammers.

Another security expert, though, takes a different view on the issue.

"By our definition, almost every threat is a blended threat," manager of security response at Symantec, Marc Fossi, said. "It's like when Trojans from a malicious website install themselves on a user's PC."

He said this phenomenon is not new but it would continue. "And we'll see greater numbers of this."

Zombies go phishing

Increased sophistication among hacker gangs is likely to manifest itself in other ways as well.

For instance, Symantec in a document titled Trends to Watch in 2008 has predicted a "bot evolution" where we're likely to see phishing sites hosted by bot zombies.

"It's basically about automating [the process of] setting up phishing sites," Symantec's Fossi said.

In this scenario, he said, a bot master would use the bot to host the actual phishing Web pages and relay phishing email messages out because of the automated nature of bots.

"They could easily have several phishing sites set up simultaneously," he said.

He said today, typically, many cyber crooks would compromise a computer or find free Web hosting to set up their phishing site. "When the site is taken down they would compromise another computer or a new Web host to set up an account on."

But Fossi said if scamsters use a bot-compromised computer, it's very easy for them to set up multiple sites at once, or to set up one site, and as soon as that gets taken down, to automatically set up a new one on another bot.

"It's the redundancy factor for them. It's almost like a failover mechanism," he said.

Both MX Logic and Symantec have predicted the increase in Web services will pave the way for advanced cyber attacks via the Web browser.

"The Web browser is an appealing alternative for cyber crooks to push malware through email because it prompts the user to pull malware from a website," the MX Logic Cyber Threat predictions report notes.

It said the social engineering possibilities are countless, as vulnerabilities within Internet Explorer and Firefox continue to be exploited. "In 2007," it said, "the MX Logic Threat Operations Centre recorded dramatic spikes in the number of Web-based threats."

Symantec too expects the number of new Web-based threats to increase, as browsers continue to converge on a uniform interpretation standard for scripting languages, such as Java.

Browser blast

"Say every Web browser is using the same Web code to interpret Java off a range of Web sites. Then a single vulnerability in that interpreter would affect all the browsers. The attacker would then be able to compromise a wide variety of hosts with a single exploit," Fossi said.

He contrasted that with the infamous MPack attack from earlier in 2007, involving a kit of professionally written PHP software components (dubbed MPack) designed to be hosted and run from a PHP server with a database backend.

MPack, Fossi recalled, implemented different exploit modules. "When users would go to the website it would try them one by one. The idea was really to affect the most users that it could."

But with more convergence, such a site would need only one exploit, which it would use for every visitor.

2.0 jeopardy

As the media spotlight today is on new and compelling Web 2.0 applications, security insiders say in 2008, social networking sites will continue to serve as a breeding ground for a range of security threats.

MX Logic predicted cyber criminals will "seek new and more sophisticated ways to exploit social networking sites such as Facebook and MySpace".

The company's threat research team is already seeing instances of this new direction via blog spam and phishing. It predicted "information looting through interactive communities" will become a common practice next year.

"In 2007, cyber criminals firmly established their intentions to focus on Web 2.0 applications," director of threat management at MX Logic, Sam Masiello, said.

"This trend, coupled with combined threats distributed through botnets, will reach critical mass in 2008."

Security - a balancing act

At least one Canadian analyst, however, questioned the relevance of such prognostications.

"How meaningful is it to say the threat landscape is changing this way or that when many organisations still need to take care of the fundamentals?" director of Canadian security and software research at IDC, David Senf, said.

He said there are basic things companies here need to do. "For instance, if you have USB keys left around your company with all sorts of unencrypted, and unprotected data, that's one gaping hole that needs to be closed," he said.

He said organisations needed to look at the internal threats first, while also exercising vigilance against external threats.

Part of the problem, Senf said, is that security is not a high priority.

"Ask senior business execs and they would tell you their priority is reaching out to that next customer, getting the product features right," he said. CIOs too are attempting to balance a bunch of different priorities.

While it wouldn't be realistic to say organisations should focus entirely on security, it's clear that they should devote more attention to it, at least from a risk-assessment perspective, the IDC analyst said.

Senf said, of necessity, there would be huge differences in the security policies, practices and priorities of companies.

He said companies need to first identify which assets they are defending and where those assets sit, and that would tell them what they need to be concerned about.

"Just because you learn about the latest attack vector doesn't mean your organisation needs to change its security policies, and strategy," he said. "The number one should be around employee training - and effective policy riding on how data is handled by employees. That's certainly where a lot of the problems come from."


Joaquim P. Menezes
