
| Subject: | [ISN] Incredulous ranking: 'Adbots' love Princeton |
|---|---|
| Date: | Sun, 16 Oct 2005 23:04:38 -0500 (CDT) |
http://www.zwire.com/site/news.cfm?newsid=15387510&BRD=1091&PAG=461&dept_id=425695&r

By: George Spohr
Business Editor
10/14/2005

Talk about a dubious honor.

In its most recent "Security Update" report, Symantec - a provider of anti-virus software - lists Princeton as the hemisphere's most "adbot"-ridden city.

The company said it traced 17 percent of adbot attacks in the Americas to computers in the Princetons.

That number is so high, it makes the second- and third-place cities in North and South America - New York and Sao Paulo, Brazil - look like also-rans. Both cities played host to 3 percent of adbot attacks in the Americas, Symantec said.

When all continents are taken into consideration, Princeton is the second-most adbot-ridden city, with 7 percent of all adbot attacks being traced here. Cambridge, in the United Kingdom, topped the list at 8 percent. New York was in 12th place, credited with just 1 percent of the world's attacks.

Adbots, short for "advertisement-driven robots," are programs that are covertly installed on your computer, allowing hackers to remotely control it for a wide variety of malicious purposes, said Brian Watkins, a Symantec spokesman. The end result sometimes is referred to as a "payload."

Attackers often command large groups of bot-controlled systems known as bot networks, Mr. Watkins explained. Those networks, which often are available for rent by Internet thieves, can be used to conduct coordinated attacks.

College networks are particularly vulnerable.

"As Princeton University is located there, Symantec believes that this may be related to the beginning of a new school year," the company said in explaining Princeton's rank.

But that explanation - indeed, the very findings themselves - are baffling, said Anthony Scaturro, Princeton University's IT security officer.

"The report stated that the city of Princeton has the second-largest bot population - 7 percent of the world's bots, to be exact," Mr. Scaturro said. "All of New York City, with its 8 million-plus population, paled at a mere 1 percent. Clearly, with results such as these, the credibility of the Symantec report is questionable."

The report's methodology also leaves much to be desired, he said.

Symantec traces the origin of adbots by examining the bits of identifying data that attach themselves to whatever kind of file the bots produce - an e-mail message, a Web page or malicious piece of software. When you receive an e-mail, for example, a quick check of the message's "header" can tell you the general area from which the e-mail was sent.

"In today's modern attacks, the source of many attacks is forged," Mr. Scaturro explained. "So if the hacker programmed in the address of a Princeton computer in the bot program, when it spreads to a million computers and they start sending out their payload, it will appear that all of the attacking computers are from Princeton, even though 50 are in Tokyo, 100 are in Los Angeles, three are in Vermont, et cetera."

That Symantec, which - perhaps ironically - is the provider of computer security software for all Princeton University faculty, staff and student computers, would publish this report without mentioning its questionable methodology is surprising, Mr. Scaturro said.

Mr. Scaturro said the university has taken a multi-pronged approach to protecting those computers from worms, viruses and adbots by:

* Being an early adopter of technology that examines the network traffic going to and from the Internet on the campus. "Any piece of network traffic that appears to carry a destructive virus or worm is blocked - both coming into the campus and going out to the Internet," Mr. Scaturro said.

* Using firewall technology to protect critical devices.

* Constantly monitoring for the latest security-related updates from computer vendors.

* Communicating with the campus about the importance of using strong passwords and installing anti-virus and anti-spyware software.

"I am very proud of the technical staff that we have at Princeton University and have personally never worked with a team that has been more security aware," Mr. Scaturro said. "Their efforts in setting up and maintaining our systems in a secure manner and ensuring that any offending computer is removed from the network as soon as it is detected are the primary reason that we do not see a lot of attack traffic exiting our network."

_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
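The article's point about e-mail headers and forged sources can be made concrete. The following is an added example, not part of the article and not Symantec's method: it walks a message's Received headers from the top and accepts only the address recorded by mail servers the recipient operates, treating everything below that as sender-supplied. The message, host names, addresses and the TRUSTED_MTAS set are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are made up (.example
# domains, RFC 5737 / RFC 1918 ranges). Newest Received header is on top.
RAW = """\
Received: from mx-edge.corp.example (mx-edge.corp.example [10.0.0.5])
\tby mailstore.corp.example with ESMTP id A1; Sun, 16 Oct 2005 10:00:03 -0500
Received: from mail.campus.example (unknown [203.0.113.77])
\tby mx-edge.corp.example with ESMTP id B2; Sun, 16 Oct 2005 10:00:02 -0500
Received: from dorm-pc.campus.example (dorm-pc.campus.example [198.51.100.23])
\tby mail.campus.example with SMTP id C3; Sun, 16 Oct 2005 09:59:58 -0500
From: someone@campus.example
Subject: constructed sample

body
"""

# Assumption: the recipient's own mail servers, the only hops whose
# Received lines were written by software the recipient controls.
TRUSTED_MTAS = {"mx-edge.corp.example", "mailstore.corp.example"}

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(m.groupdict())
    return hops

def verifiable_origin(raw, trusted=TRUSTED_MTAS):
    """Return (ip, unverified_hops).

    ip is the peer address logged by the outermost trusted server: the
    last value the sender could not write. unverified_hops are the older
    Received lines, which arrived as part of the message and may be forged.
    """
    hops = parse_hops(raw)
    origin = None
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted:
            return origin, hops[i:]
        origin = hop["ip"]
    return origin, []
```

On the sample, the only address that can be relied on is 203.0.113.77, the peer seen by the recipient's edge server; the "dorm-pc" hop and the From line are whatever the sending side chose to write.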