Botnet & spam attacks are getting ugly.

unseen_headlous.jpgEveryone's aware of the trojans and the zombie computer botnets that often spawn from them have been a problem for many years, but now the attacks have been getting downright nasty. Attackers are using more and more sophisticated methods, including social engineering, to get past users' defenses. Like an attack targeting eBay members and stealing their online identities using multi-stage attacks in order to perpetuate fraud.

The eBay attack began with hackers compromising third-party web sites using a technique called SQL injection. Extra code was dynamically added to the main page of these web sites using a hidden IFRAME tag which loaded a malicious web page. This page contained a VBScript file that used AJAX to download and save a file called MISuvstm.exe into the Windows system folder. Once this file was downloaded, it attached itself to the Windows Explorer process and went hunting for a further trojan, called SRTops32.exe, which was the basis for a Distributed Denial-of-Service (DDoS) attack on eBay itself. The attack uses eBay's own Application Programming Interfaces to guess eBay users' passwords by brute force, although more traditional phishing techniques are also being used. 

More on security threats:

"The future outlook isn't promising -- bot-affected software is growing more powerful and stealthy, making it harder to find and return to a secured state. The pressure is on computer users to become savvier about security and on organizations to spend more money on proactive defenses, and detection and reaction capabilities. Law enforcement will also need to deal with an increasing number of crimes that involve potentially thousands of computers at a time."
Of course, here's where Sendside comes in since it's designed to eliminate spam, phishing and fraud without IT integration. Looks like the market opportunity continues to grow.