Have you clicked on an advertisement on a website latley and it didn’t take you to anything related to the original ad? If so, you are not alone.

You may ignore strange pop-up quizzes, and give invitations to look at Anna Kournikova’s.ru site a miss. You don’t open any attachments from unknown sources, and your antivirus software has never let you down.

Guess what? Your computer may still be infected. Right now evil hackers may be sifting your hard drive for passwords, bank account numbers and personal documents.

The latest threat for Internet users is malvertising, which is basically the use of ad networks for distributing malicious software. Computer security experts say the latest product of botnet scientists is designed to run on mainstream websites, slipping under the radar of the major ad agencies who place the banner ads and pop-ups. But what’s scary is this new class of malware requires no interaction from users. It simply attacks the latest flaws and vulnerabilities in Adobe or Java.

The malvertisers are using the good name of the website or ad agency to point browsers at their servers, which load up the malware concealed in PDF, Flash, Java or similar files. The banner could include a single pixel iframe, which has a malicious PDF. If the machine is like most Outlook set-ups, it will automatically be opened by Acrobat and the machine then joins a botnet.

The machines sending the message could be anywhere and best protection is as always to patch and patch and patch. Users should also switch to Firefox rather than Internet Explorer, and make use of their preference panels so the browser does not automatically open PDFs.

Hackers are trying their best to stay one step ahead of cyber security, which is why using a reliable antivirus program is of utmost importance for the safety of your computer.

Industry experts made it apparent that the US Government needs to increase cyber security efforts to the Senate Commerce, Science Committee and Transportation Committee after a number of analysts gathered to inform the Government that more regulation is vital to face cyber threats. The committee wants to create legislation which could enable Governments and businesses to work together to protect critical computer systems. So far it has been met with opposition from those who claim regulation will burden the industry.

A security specialist survey has revealed that in the last 12 months, 75 percent of businesses worldwide have experienced a “cyber-attack”. Thats an astonishing discovery especially when the majority of worldwide business will face these issues.

The survey, one of the biggest of its kind, was conducted in January among 2100 enterprise chief information officers and IT managers from 27 countries. The survey also reveals that 42 percent of businesses now rate cyber crime as the greatest threat to their well-being, more than natural disaster, terrorism and traditional crime combined. The average cost associated with an attack is put at $2 million.

Every single company surveyed had experienced some form of cyber loss in the previous 12 months, ranging from a full-blown attack to the loss of important data. The report notes that many enterprises are embarking on new initiatives that make providing security more difficult, such as outsourcing of storage or software services.

Online security has been one of the year’s hot topics so far, ever since the internet search giant Google fell victim to what it claimed was a co-ordinated cyber-attack from China last month.

The threat continues: On January 5, 2010, the Duanesburg, New York Central School District disclosed an attempted theft of $3.8 million, about a quarter of the district’s operating budget.

Local school districts across the United States have emerged as a prime target for cybercriminals. These crimes have been driven by malicious software infecting central office computers which hold the district’s banking details. These details were used by cybercriminals to access the district’s online bank account and illegally transfer money out of the account to money-mules, who subsequently transfer the funds to the criminal ringleaders.

There are many soft-target characteristics of school districts and similar organizations including local governments, not-for-profit-organizations, and small businesses that make them attractive to cybercriminals.

Experts admit that there is a desperate need for much stronger “Default Deny” PC endpoint security to be deployed by organizations that appear to be soft targets. Security experts say hackers are turning away from stiff defenses of banks and large enterprises and turning toward small businesses and schools.

According to the latest figures one-fifth of small businesses don’t use antivirus software. And 60 percent don’t use encryption on wireless links, with 66 percent of small businesses having no security plan in place. Keeping these numbers in mind, it’s no surprise that hackers see small businesses and schools as easy targets.

Do you think this will force more school districts and small business to take the needed actions to protect their own interest?

Sometimes it is not the malicious kind of hacker who designs computer viruses and tries to steal your money, rarely it is the “ethical” hacker who at one time got paid to “hack”.

Companies are now paying Ethical Hackers to expose weaknesses in their systems after a rapid increase in cyber attacks on businesses and governments worldwide. A number of universities are now offering students the chance to learn how to hack computer networks. As a result the “ethical hacking” industry is booming as more businesses realize the severe threat computer viruses pose to their bottom line.

In fact IT professionals hoping to boost their earnings and careers over the next five years are betting their shirts on ethical hacking and security qualifications, according to IT experts.

Critics have warned of the dangers of arming young people with knowledge that could so easily be turned to criminal endeavor. But industry professionals have faith that those who have the knowledge that a cyber criminal has will not misuse the information. And many experts feel the importance of ethical hacking has yet to be fully realized.

NCC group, based in Manchester, is one of the largest firms in Europe to offer ethical hacking as one of its services, claiming to have 94 of the UK’s top 100 companies amongst its clients. CEO Rob Cotton says: “It’s actually an arms race. It’s the bad guys getting better and better and us, the good guys, trying to overcome them.”

“Business is becoming more aware of it but more often than not organizations turn round and are shocked that they’ve been hacked.”

“Why would somebody hack us and steal our information’, they say? Simple reason is information is valuable, and becoming more valuable as every day passes by.”

As both the private and public sectors become increasingly dependent on networked technology, the promise of a lucrative career waging war against criminal hackers is likely to make the ethical option even more popular.

When Comcast customers tried to access the Comcast.net site in May 2008, they were redirected to an unknown web page which displayed a message identifying the hackers as the Kryogeniks gang. At that time about five million people connected to the site each day, according to the United States Department of Justice.

Instead of users getting the normal Comcast.net home page, the message on the page greeted customers with the message as follows:

“KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven”.

Immediately after Comcast was able to address the hack, the registrar came back to say that they did not know how the hackers managed to get the passwords necessary to switch the DNS servers and redirect the site.

The indictment has shed some light on how this hack was accomplished. It has been revealed that one of the defendants, Christopher Allen Lewis, made two phone calls to get the information that he and his friends used to access Comcast’s DNS information.

The filing claims that one of the defendants, Michael Paul Nebel, allegedly logged onto a specific Comcast email account that allowed him to communicate with Comcast’s DNS registrar. Lewis was then able to sign onto Comcast’s account at the registrar and point the Comcast.net site to the page he and the others created.

During the attack, one of the defendants, Lewis, called a Comcast employee at his home and asked if the company’s domains were working properly as the indictment alleges.

Comcast claims it lost US$128,578 during to the attacks.

James Robert Black Jr. is the third defendant named in the indictment. The men are charged with one count each of conspiracy to intentionally damage a protected computer system. The charges have been filed in the US District Court for the Eastern District of Pennsylvania.

If convicted they will face a five-year prison sentence and each be fined $250,000. It is time that hackers face the music. Hopefully the harsh punishment in this case will be a wake-up call to other hackers out there.

10-days worth of information containing 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars, was discovered by security researchers at the University of California, Santa Barabra. The discovery came about when the security researchers at the University broke into the Torpig botnet, associated with Mebroot or Sinowal.

The Torpig or Sinowal botnet, is one of the more sophisticated networks because it uses malicious software to infect computers in an effort to harvest information such as banking accounts, credit card numbers and email passwords. The researchers from the University were able to monitor more than 180,000 infected or hacked computers by exploiting a weakness within the hackers network that controlled the group of infected computers.

What is Torpig/Sinowal and Mebroot?

Torpig/Sinowal is known to be a botnet that is capable of stealing usernames and passwords from several widely used email clients such as Outlook, Thunderbird and Eudora. In addition to collecting email credentials, Torpig is able to gather passwords from web browsers and infect PC’s through malicious websites via a drive-by download attack method. Torpig/Sinowal is actually installed onto a users system after it is first infected with Mebroot, an older rootkit that first appeared in December 2007. Mebroot is a Trojan known to infect a computer’s Master Boot Record (MBR). The MBR is the first code or data that a system looks for during the boot process to load the operating system. Mebroot also has the capability to download other malicious files or code onto a compromised system.

Hackers, who controlled the botnet or group of compromised computers, were able to gather data for a total of 10 days. After the 10th day they updated the command-and-control instructions. In the allotted amount of time, just 10 days, the hackers were able to gather about 70GB worth of data from the compromised computers. The information consisted of email passwords, Windows passwords, FTP credentials, financial data and credit card numbers.

In figure 1 below, the Torpig botnet was discovered to have gained millions of data items.

Figure. 1 [image source: blogs.zdnet.com]

How is a Botnet like Torpig/Sinowal disrupted?

Security researchers are able to figure out the different algorithms of botnets such as Torpig. They are able to predict which domains the malware will connect too and pre-register them to interrupt the botnet’s impending actions. This process is similar to that used by the ad-hoc group that attempted to put an end to the Conficker worm infection. Conficker generated up to 50,000 domains names a day, similar to the Torpig/Sinowal Botnet.

After this discovery, it was estimated that Torpig’s criminal network profited between $83,000 to an astonishing $8.3 million in just a 10-day time frame.