Kidz Rage !

Beware of the BOTS !

Trend Micro feature on PixelFactor.org

Virus creators and malware authors are moving with greater speed than ever before, exploiting gaps in company security networks and even using online communities to spread information about potential vulnerabilities, according to security experts at Trend Micro.

Executives at the company have pointed to two new developments which could threaten systems in the Middle East over the summer.

The first is the rise in the use of ‘bots’ and ‘bot networks,’ clusters of computers taken over without the owners’ knowledge and deployed to attack unsuspecting users in high numbers.

Botnets can be comprised of as few as a couple hundred computers, or be as large as tens – or even hundreds – of thousands of computers, all tied together by a common underlying infection, which enables the botmaster to remotely control them.

‘Botnets are frequently used as vehicles for quickly and efficiently spreading malware, and they are readily available to malware writers,’ said Trend Micro’s Jamz Yaneza, Senior Threat Analyst.

‘They are one of the most efficient ways to compromise computers for targeted attacks,’ adds Yaneza. ‘Botnets grant malware writers a wide array of power to inflict damage, from launching denial of service attacks to targeting financial institutions.’

In the Middle East, the traditionally long summer holidays – in addition to the large numbers of companies that don’t employ full-time IT security staff – mean that these networks can go undetected for significant lengths of time, increasing the virulence of the attacks.

‘It’s definitely the case that the number of bot network attacks within the region is rising, and we’re also convinced that a higher proportion of computers have been drawn into these networks without their owners’ knowledge,’ said Justin Doo, Regional Director, Trend Micro Middle East and North Africa.

The company has also drawn attention to the potential damage that publicly-accessible online hacker communities can cause.

This phenomenon was underlined by the listing of three ‘proof-of-concept’ exploits on publicly-accessible Web sites in June this year, which would enable hackers to use the popular computer program Microsoft Excel as a vehicle to spread viruses.

‘It’s common for proof-of-concept code to become available shortly after the discovery of a vulnerability,’ said Yaneza. ‘Most malware writers these days don’t want to risk getting caught and going to jail, so they prefer to post the code to hacker sites to display their technical knowledge, but let somebody else use it for malicious purposes.’

Though such exploits may not immediately – or sometimes ever – be deployed in an actual attack, security experts at Trend Micro advise users to remain vigilant, nonetheless, since the code is readily available and can be employed by a malicious author at any time.

In fact, according to researchers at Trend Micro, one of these exploits has already been utilized in a targeted attack and further attacks are possible.

The experts recommend the following ‘tried-and-true’ policies to minimize the risk posed by these exploits:
• Do not open Excel files attached to any emails from those you don’t know;

• Do not open Excel attachments from those you do know, if you weren’t expecting an attachment from that person, or if the content of the email seems out of character for that person;

• In corporate settings, administrators should consider blocking all incoming Word, PowerPoint, and Excel files from external unverified sources by policy. Inter-company documents may be considered relatively safe from this particular threat, assuming no significant internal problem exists;

• Avoid opening externally-hosted Excel documents;

• Ensure your antivirus definitions are up-to-date;

• Run a manual scan with your updated Trend Micro product, or with Housecall, Trend Micro’s free online virus scanner.
