Hackers, crackers, phishers: cyber criminals use spy programs to steal data on the network. IT researchers at the University of Mannheim now show in a study how they were able to outwit the fraudsters with a specially prepared computer.
How do you break into the often highly professional networks of hackers, crackers and phishers? Ideally just as professionally, thought Thorsten Holz, Markus Engelberth and Felix Freiling from the Laboratory for Dependable Systems of the University of Mannheim, all three experts on network security.
Under the microscope: Mannheim IT researchers spied on cyber criminals to see how they spy on Internet users
To test their thesis, they laid bait on the Internet from April to October 2008: an unprotected but specially prepared computer. They could not know how successful their experiment would be. Their flytrap brought them rich booty: they found the data caches and backdoor network of numerous criminals.
The results of their case study are now available.
In 33 gigabytes of raw text - the equivalent of 48 CDs - the three researchers found traces of 173,000 victims in 175 countries, nearly 12,000 of them from Germany. The data cover access to 10,775 online banking accounts, 5600 complete credit card records, 149,000 e-mail, tens of thousands of passwords and login information for other sites, such as social networks - data theft on a hitherto unknown scale.
Trojan hordes from the bandits' kit
The fraudsters satisfy their hunger for information with the help of Trojans, which they plant on the computers of thousands of unsuspecting users via infected software, specially crafted malicious websites or spam. The Trojans eavesdrop on the user and send keyboard and browsing logs to a secret location on the network, the "dropzone". Hacker software analyzes the data and extracts passwords, credit card numbers and banking data. The cyber criminals can resell this data on the Internet black market or use it for online shopping on someone else's account.
This business has been around for years. What is new is that more and more traditional criminals with little technical know-how seem to be venturing onto the net. They buy Trojan kits through shady channels, book a few million spam e-mails to go with them and then only need to collect the data from the dropzone.
Normally, these dropzones are password-protected. But many novice criminal hackers failed to lock even the back door of their store of stolen goods, and so played into the hands of the Mannheim experts. They obtained gigabytes of data with simple tricks: they tried, often successfully, to gain access via standard server directories and in this way reached the sensitive data. Thorsten Holz, a doctoral student at the Laboratory for Dependable Distributed Systems at the University of Mannheim, is surprised by the find: "We did not think it would be that easy."
You catch hackers with honey
To get that far, however, the Mannheim researchers first had to get the Trojans to give up the address of their dropzone, so to speak. They did this with a so-called honeypot (a "honey trap") - a prepared computer that they sent surfing until it was infected with a Trojan. What the Trojan did not notice: the computer it had infested was under close observation.
The data the Trojan received from the network or sent, the files it accessed: the researchers logged all of this. From April to October 2008 the Mannheim team found about 2000 different Trojan files in this way and discovered 350 dropzones. The experts had unrestricted access to 73 of these web stores. There they found the stolen goods: the logs of online banking Trojans.
Such Trojans record where on the network a user is and which keys he is pressing on the keyboard ("keyloggers"). When the user goes to an online banking site, the pest logs every step, including access data, PIN and TAN codes.
MALWARE AND SPYWARE: HOW TROJANS AND CO. WORK
Trojans
Like the Trojan horse of Greek mythology, computer Trojans hide their real purpose (and harmfulness!) behind a disguise. They usually pose as harmless software: screensavers, video files, access programs. They are distributed, for example, as e-mail attachments. Whenever such a program is started, a hidden malicious function runs as well: usually this opens a so-called backdoor, a back door that exposes the computer system to the Internet and through which further malicious programs are downloaded.
Virus
Computer viruses infect existing files on their victims' computers. The host files continue to work as before, at least for a while, because viruses are not supposed to be discovered. They do not spread on their own but rely on computer users passing on infected files by e-mail, copying them to a USB stick or putting them on file-sharing networks. A virus differs from other malicious and spy programs solely in its method of spreading. What damage it causes depends solely on the will of its creator.
Rootkit
The word is a compound of "root" and "kit": on Unix systems, "root" is the user with administrator rights, who may intervene even in the depths of the system. A "kit" is a collection of tools. A rootkit is therefore a set of programs equipped with full access to a computer's system. This allows the rootkit to carry out far-reaching manipulation without being noticed by, for example, virus scanners. Either the rootkit contains software that, for example, disables security scanners, or it sets up a so-called shell, which acts as a kind of mini operating system within the operating system and hides all suspicious activity on the computer. Most rootkits in circulation are used to download Trojans, viruses and other additional malicious software over the Internet. Rootkits are among the most difficult compromises of a computer to detect.
Worm
Computer worms are, in practice, the souped-up variant of viruses and Trojans. In the strict sense, the term only describes a program that takes care of its own spread - and that of the programs it carries. At their core, worms contain a malicious program that, for example, launches its own mail program to spread itself from an infected computer. Their main distribution channels are therefore the communication channels of the Web: e-mail, chats, AIMs, P2P exchanges and others. In practice, they are often used as a vehicle for spreading various other malicious programs.
Drive-by
A drive-by means influencing a computer, or even infecting a PC, simply through a visit to an infected web page. The method has been in vogue for a few years: by exploiting current security vulnerabilities in browsers and using scripts, malicious code stored on a web page takes influence on a computer. In this way viruses are spread, sniffer programs installed, browser requests redirected to websites that pay for it, and more. Drive-bys are especially perfidious because they require no activity from the PC user (such as opening an e-mail), only carelessness. The victims are mostly users who do not keep their software up to date through regular updates - so potentially just about anyone.
Botnet
Botnets are networks of hijacked computers - the bots. With the help of Trojan programs, which they smuggle onto the computers through manipulated websites or fake e-mails, for example, the botnet operators gain access to the foreign PCs and can control them via the Web. Renting out such botnets can be a lucrative business. The zombie armies are used, among other things, to send millions of spam e-mails, to bring websites to their knees with a large number of simultaneous requests, or to harvest passwords on a grand scale.
Zero-day exploits
A zero-day exploit takes advantage of a software vulnerability on the very day on which the risk is first noticed. Normally, the makers of protection software and the authors of malicious software run a head-to-head race in plugging, sealing and exploiting known vulnerabilities.
Risk No. 1: The user
The greatest security risk in the world of computers sits in front of the computer. It is not only a lack of discipline in making necessary software updates that makes the user dangerous: he also has a great fondness for free music from obscure sources and funny file attachments in e-mails, and takes great joy in communicating in the oh-so-informal chat rooms of the Web. Most damage in IT is probably caused by users' fingers at the press of a button.
Browsers that store form data for the user's convenience and automatically log in to websites are a particular bonus for the Trojan: in such a case it only has to read a key file in which all the user's login names and passwords are stored. Together with the other log data, it uploads them to the dropzone. All this is completely automated.
Australian experts sift through digital stolen goods
Much technical understanding is no longer necessary for this. And because such a Trojan kit is quite cheap at 2000 to 3000 euros, a new field of activity is opening up for traditional criminals. For Trojan expert Thorsten Holz this is a sign that traditional and digital crime are becoming interwoven - cyber criminals are no longer the vanguard of the bandits. That also means it will not be long before even the stupid cyber bandits know how to better cover up their online deeds.
And what happens to all the data, the digital stolen goods that the Mannheim researchers found? They handed them over to the Computer Emergency Response Team (CERT) in Australia, which specializes in banking matters. The Australians will look after the data and inform the victims and affected companies in a targeted way. Companies are also getting in touch, asking for data that show how the cyber bandits spy on their online systems.
For German users of online banking systems there is at least some good news. Online banking in Germany is relatively safe: as long as no TAN list falls into a fraudster's hands, they have virtually no chance of emptying online accounts. Mobile TAN procedures, in which some banks send TANs with a short validity period via SMS, are considered particularly safe. In some countries without a TAN-based system, on the other hand, the combination of access name and password alone is the standard. A gift to cyber bandits.