The security war has entered a new phase

Last August, Webroot Software released a statement that shocked the IT industry: 90% of computers were infected with spyware. Hackers still use viruses, trojans, keyloggers . but the way and purpose is somewhat different. The security war is entering a new phase.

There is no perfect software from the time it was written. Hackers still know how to take advantage of security holes in software to launch attacks. No gaps are not used by hackers, from errors in a chat software like ICQ to an Internet Explorer browser vulnerability. Even security bugs in office software such as Microsoft Word will not escape the "sight".

There are many client-side software (software running on the user's computer in the server client architecture) so that hackers can take advantage. Email and instant messaging (IM-Instant Messages) are two of the thief's "open gold mines" in the digital world. Internet service providers can 'build up accumulations' to protect information on their servers, but cannot protect remote client computers. Not everyone who uses the Internet has enough knowledge about security.

Familiar hacker attacks via client-side software are phishing. The hacker will send the victim an email or a message, with the address of a website or a file. If the victim opens the file (or clicks on the website address), a malicious software (malware - collectively referred to as viruses, keyloggers, trojans, spyware .) will be automatically installed on the computer and executed. Destiny 'that it is delivered.

Most of these attacks are to steal personal information. Credit card numbers, bank account codes or important data are valuable to hackers. In particular, important data can become "hostages" for hackers to execute extortion abductions. If the victim refuses to pay the ransom, the 'hostage' will be . deleted.

Phishing is not difficult to prevent, but hackers still release power because of the low awareness of Internet users.Evidence is the fact that a series of computers in Vietnam are infected via Yahoo!Messenger only a few days ago.These viruses are designed very simply (according to experts, only 'Vietnameseization' of the virus source code is shared on the Internet) and in fact is not much of a danger but a warning bell for users. Internet is not only in Vietnam, especially when hackers are starting a new attack strategy much more dangerous.

Phishing is also a way for 'black hat' people to set up botnets (controlled computer networks) to launch a denial-of-service attack or distribute spam. The computers after being infected with the virus / trojan will be turned into zombies (the computer is controlled).

Many zombies merge into a botnet. When a hacker orders, zombies in a botnet will simultaneously send requests to an Internet service's server, causing it to be flooded in the required jumble, eventually losing complete processing power.

According to calculations, none of the servers survived 30,000 zombies more than 30 minutes, but at the height of the phishing (2003-2004), experts discovered that many botnets had 'number troops' of over 100,000. Total losses from denial-of-service attacks in the two years 2003-2004 amounted to nearly 40 billion USD with 'names' such as Blaster, MyDoom, Sasser, Sobig .

Currently, the botnet scale has decreased, but this is not something to be happy. Hackers who don't want to be exposed should switch to "guerrilla" with small botnets, about under 20,000 zombies, continue to cause serious damage.

Although the server systems are more and more secure, the software is always vulnerable. Some errors in Ajax and Javascript can help hackers attack, gain control of remote targets. One of the first victims is Samsung Telecom website. Samsung's name is probably enough to reassure the most skeptical and hackers can easily distribute trojans as harmless program files. Before Samsung could fix the problem, many people were trapped.

The security war continues and has entered a more difficult stage for users. In this war, prevention is still the best solution and to prevent it, every Internet user needs to be vigilant. When the water supply is dirty, the user does not have to do anything, the water company will solve the problem. But when the Internet is 'contaminated', customers must also 'fight'.