
Cyberattackers slither through software holes






By Jon Swartz, USA TODAY




Cyberattackers, in a major new approach, are exploiting flaws in popular software programs - especially anti-virus and backup tools - to break into the computers of consumers, government agencies and businesses.


The change in attack methods spells new headaches for PC users already under siege from hackers and another challenge for tech administrators, according to an annual computer-security study to be released Tuesday.


"Hackers have changed their tactics," says Alan Paller, research director at security firm Sans Institute, which discovered the new wrinkle in attacks and issued an alert. "The bottom line is that security has been set back nearly six years in the past 18 months."


Security provider Qualys, another participant in the study, found "significant vulnerabilities" in most anti-virus and backup software, based on its weekly scan of millions of computer systems in 20 countries, says Gerhard Eschelbeck, its chief technology officer.


For more than five years, hackers have attacked security flaws in the operating systems (OS) of PCs, such as Microsoft Windows and Linux, and Internet services, such as Web servers and mail systems, to gain control of users' PCs and information. Companies and individuals have fended off attacks with a steady diet of automated patches to plug holes in their systems.


But many software makers do not, making their users prone to cyberattacks, Paller and other security experts say.


The new attacks have put the onus on software makers to do a better job of updating the security features of their products, security experts say.


Software vendors "need to follow the lead (of) the OS industry with automated patches," says Rohit Dhamankar, lead security architect at 3Com's TippingPoint division. The company also works closely with Sans Institute.


The new form of cyberattack starts when PC users download a picture or MP3 file containing malicious code off the Internet, Dhamankar says.


Once hijacked, a PC is likely to be grouped with other compromised PCs to spew spam, launch denial-of-service attacks or carry out identity-theft scams.



11/22/2005 07:13



