Security Response

Taking the Shortcut to Malicious Attacks 

Shortened URLs have become popular in recent years as a means of conserving space in character-limited text fields, such as those used for micro-blogging. Some URLs consist of a substantial number of characters that can eat up character limits, break the flow of text, or cause distortions in how Web pages are rendered for users. URL shortening services allow people to submit a URL and receive a second, specially coded shortened URL that redirects to the original URL. When a user clicks on the shortened URL, the service will redirect the person to the submitted Web page.

Attackers are taking advantage of this type of service because it helps to hide the actual destination URL. Attackers use the shortened links, which may or may not be legitimate, to lead unwitting users to malicious websites that are designed to attack any system using a vulnerable browser. 

Social networks are a security concern for...

The prevalence of Web-based applications and the ease of which these applications can be exploited using vulnerabilities have contributed to the widespread nature of Web-based attacks. Attackers can successfully reach and compromise a massive number of targets, and this remains as the source of motivation behind Web-based attacks. Attackers who wish to take advantage of client-side vulnerabilities no longer need to actively compromise or break into specific networks to gain access to those computers. Instead, by attacking websites, attackers can use them as means to mount client-side attacks.

An attacker can exploit any number of Web application vulnerabilities, such as SQL injection vulnerabilities, to help mount their Web-based attack. Surprisingly, many of these vulnerabilities are not used to directly compromise enterprise data assets or gain access to sensitive information. They are used simply as a way of injecting malicious content into websites as a means of...

Underground economy servers are black market forums used to advertise and traffic stolen information. The information can include government-issued identification numbers such as Social Security numbers, credit card information, bank accounts credentials, personal identification numbers, email address lists, and email accounts. They can also provide services to facilitate these illegal activities and can include cashiers who withdraw funds from the stolen accounts, scam page hosting, and job advertisements for roles such as scam developers or phishing partners.

Symantec's Report on the Underground Economy shows that there are a wide variety of goods and services being advertised on underground economy servers, and many of these goods and services form a self-sustaining marketplace. Participants in this fraud can obtain goods by a variety of means; credit card and banking...

The costs of most goods are so much higher than they were 30 years ago. Back then, cars were under $10,000 (I remember this because the Price is Right only had four missing digits in their Lucky Seven game). You could feed a family of four for $10 and even have change left over to buy a 25 cent candy bar. But what can you buy for $10 in 2008? I could buy just under three gallons of gas for my car, which would probably last me a couple of days. I could buy lunch at the local sushi place but only lunch since there wouldn't be enough left to buy something to drink. Or, I could buy 10 United States identities.

On underground economy servers, criminals sell a variety of illegal goods and services including bank account credentials, credit card numbers, and full identities. Typically, these goods are used for identity theft related activities. In the...