http://www.zwire.com/site/news.cfm?newsid=15387510&BRD=1091&PAG=461&dept_id=425695&r

By: George Spohr, Business Editor
10/14/2005

Talk about a dubious honor. In its most recent "Security Update" report, Symantec - a provider of anti-virus software - lists Princeton as the hemisphere's most "adbot"-ridden city.

The company said it traced 17 percent of adbot attacks in the Americas to computers in the Princetons. That number is so high that it makes the second- and third-place cities in North and South America - New York and Sao Paulo, Brazil - look like also-rans. Both cities played host to 3 percent of adbot attacks in the Americas, Symantec said.

When all continents are taken into consideration, Princeton is the second-most adbot-ridden city, with 7 percent of all adbot attacks being traced here. Cambridge, in the United Kingdom, topped the list at 8 percent. New York was in 12th place, credited with just 1 percent of the world's attacks.

Adbots, short for "advertisement-driven robots," are programs that are covertly installed on your computer, allowing hackers to remotely control it for a wide variety of malicious purposes, said Brian Watkins, a Symantec spokesman. The malicious code or action a bot delivers on command is referred to as its "payload."

Attackers often command large groups of bot-controlled systems known as bot networks, Mr. Watkins explained. Those networks, which often are available for rent by Internet thieves, can be used to conduct coordinated attacks.

College networks are particularly vulnerable. "As Princeton University is located there, Symantec believes that this may be related to the beginning of a new school year," the company said in explaining Princeton's rank.

But that explanation - and indeed the findings themselves - is baffling, said Anthony Scaturro, Princeton University's IT security officer. "The report stated that the city of Princeton has the second-largest bot population - 7 percent of the world's bots, to be exact," Mr. Scaturro said.
"All of New York City, with its 8 million-plus population, paled at a mere 1 percent. Clearly, with results such as these, the credibility of the Symantec report is questionable."

The report's methodology also leaves much to be desired, he said. Symantec traces the origin of adbots by examining the source information attached to whatever the bots produce - an e-mail message, a Web page or a malicious piece of software. When you receive an e-mail, for example, a quick check of the message's "header" can tell you the general area from which the e-mail appears to have been sent. The catch is that most of that information is written by the sender, not observed by the recipient.

"In today's modern attacks, the source of many attacks is forged," Mr. Scaturro explained. "So if the hacker programmed in the address of a Princeton computer in the bot program, when it spreads to a million computers and they start sending out their payload, it will appear that all of the attacking computers are from Princeton, even though 50 are in Tokyo, 100 are in Los Angeles, three are in Vermont, et cetera."

That Symantec, which - perhaps ironically - is the provider of computer security software for all Princeton University faculty, staff and student computers, would publish this report without mentioning its questionable methodology is surprising, Mr. Scaturro said.

Mr. Scaturro said the university has taken a multi-pronged approach to protecting those computers from worms, viruses and adbots by:

* Being an early adopter of technology that examines the network traffic going to and from the Internet on the campus. "Any piece of network traffic that appears to carry a destructive virus or worm is blocked - both coming into the campus and going out to the Internet," Mr. Scaturro said.

* Using firewall technology to protect critical devices.

* Constantly monitoring for the latest security-related updates from computer vendors.

* Communicating with the campus about the importance of using strong passwords and installing anti-virus and anti-spyware software.
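Mr. Scaturro's point about forged sources, as an added illustration that is not part of the article and not code from Symantec or Princeton: a short Python script that parses the "Received" chain of an e-mail and compares the origin a naive tracer would report (the bottom-most line, which the sending bot wrote itself) with the only hop the recipient actually observed (the top line, prepended by the recipient's own mail server). All hostnames, the server name `mx.our-org.invalid`, the message IDs and the IP addresses (198.51.100.10 standing in for the "Princeton address" a bot could be programmed with, 203.0.113.7 for the machine that really connected) are constructed for the example.

```python
import re
from email import message_from_string

# Assumed name for the mail server we operate. The only Received line we can
# vouch for is the one this server prepended when the remote host connected.
OUR_EDGE_MTA = "mx.our-org.invalid"

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
STAMPED_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed sample, not a real capture. 198.51.100.10 stands in for the
# "Princeton address" the article says a bot could be programmed with; the
# bot wrote the bottom Received line and the From: header itself. Our server
# prepended the top line and recorded the peer that really connected,
# 203.0.113.7.
SAMPLE_EMAIL = (
    "Received: from claimed-helo.invalid ([203.0.113.7])\n"
    "\tby mx.our-org.invalid with ESMTP id 1EQ3vX-0007Xs-00;\n"
    "\tFri, 14 Oct 2005 10:00:00 -0400\n"
    "Received: from pc.campus-forged.invalid ([198.51.100.10])\n"
    "\tby claimed-helo.invalid with SMTP;\n"
    "\tFri, 14 Oct 2005 09:59:00 -0400\n"
    "From: user@campus-forged.invalid\n"
    "To: target@our-org.invalid\n"
    "Subject: constructed sample\n"
    "\n"
    "payload\n"
)

# Same bot, but this time it also forges a line claiming to have been stamped
# "by" our own server, hoping a tracer will walk past it.
SAMPLE_EMAIL_CLAIMS_OUR_MTA = (
    "Received: from claimed-helo.invalid ([203.0.113.7])\n"
    "\tby mx.our-org.invalid with ESMTP id 1EQ3vY-0007Xt-00;\n"
    "\tFri, 14 Oct 2005 10:01:00 -0400\n"
    "Received: from pc.campus-forged.invalid ([198.51.100.10])\n"
    "\tby mx.our-org.invalid with ESMTP;\n"
    "\tFri, 14 Oct 2005 10:00:30 -0400\n"
    "From: user@campus-forged.invalid\n"
    "To: target@our-org.invalid\n"
    "Subject: constructed sample\n"
    "\n"
    "payload\n"
)


def received_hops(raw_message):
    """Return one (peer_ip, stamped_by) pair per Received header, newest first.

    The stdlib parser unfolds the continuation lines for us; we only pull out
    the bracketed peer address and the host that claims to have written the line.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        ip = IP_IN_BRACKETS.search(value)
        by = STAMPED_BY.search(value)
        hops.append((ip.group(1) if ip else None,
                     by.group(1).lower() if by else None))
    return hops


def naive_origin(raw_message):
    """What a tracer reports if it believes every header: the oldest Received
    line, which is exactly the one the sender wrote."""
    hops = received_hops(raw_message)
    return hops[-1][0] if hops else None


def trusted_origin(raw_message, edge_mta=OUR_EDGE_MTA):
    """Only the topmost Received line, prepended by our own edge server, records
    a connection we observed. Every line beneath it arrived inside the message
    and may say anything, including that it was stamped by our server, so we do
    not walk past the first line."""
    hops = received_hops(raw_message)
    if not hops or hops[0][1] != edge_mta.lower():
        return None
    return hops[0][0]


if __name__ == "__main__":
    for sample in (SAMPLE_EMAIL, SAMPLE_EMAIL_CLAIMS_OUR_MTA):
        print("headers say the bot is at:", naive_origin(sample))    # 198.51.100.10
        print("our server actually saw:  ", trusted_origin(sample))  # 203.0.113.7
```

Geolocating the first value would place the bot on the forged campus address, which is the effect Mr. Scaturro describes; only the second value reflects a connection the recipient witnessed, and even that is just the last hop, not necessarily the machine that built the message.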
"I am very proud of the technical staff that we have at Princeton University and have personally never worked with a team that has been more security aware," Mr. Scaturro said. "Their efforts in setting up and maintaining our systems in a secure manner and ensuring that any offending computer is removed from the network as soon as it is detected are the primary reason that we do not see a lot of attack traffic exiting our network."

_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Oct 16 2005 - 21:28:21 PDT