[ISN] We need to monitor information security grifters, too

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Dec 2008 03:11:19 -0600 (CST)
http://news.cnet.com/8301-1009_3-10121353-83.html

By Jon Oltsik
Security 
CNet News
December 11, 2008

A new report from the Anti-Phishing Working Group is yet another 
reminder of the information security threats we all face. This latest 
publication states that the number of compromised URLs used to 
distribute malicious code nearly tripled in the 12-month period from 
July 2007 through July 2008.

This data, along with similar research from McAfee, RSA Security, 
Symantec, and Trend Micro, demonstrate that the bad guys are taking 
advantage of the global recession with an increase in attack volume and 
sophistication. Certainly, security professionals recognize this 
unsettling trend, and according to ESG Research data, security remains a 
top IT priority for 2009. Based upon recent activities, it appears the 
federal government also sees the need for countermeasures.

While insiders seem to see the storm approaching, however, I'm worried 
about the Internet everyman--"Joe the Online User," if you will. 
Information security tends to be an esoteric topic sure to bore the 
pants off friends and neighbors at upcoming holiday parties, but there's 
more in play than ignorance alone.

I am starting to see a whole bunch of no-name security grifters pitching 
second-tier products and services with Chicken Little, "the sky is 
falling" scare tactics. You tend to find these guys are on drive-time 
radio and entertainment Web sites. I'm not alone in this observation. 
This week the U.S. District Court in Maryland ordered two fly-by-night 
companies to stop promoting "scareware" through online advertisements. 
These pop-up ads would warn Web surfers that their systems had been 
compromised by viruses, spyware, and even "illegal pornographic 
content." They were even so brazen as to suggest that users could be 
investigated or outed as some type of degenerate porn addict. Of course, 
they were happy to sell you software and services to alleviate the 
problem.

Unfortunately, there will always be a population of low-down dirtbags 
willing to take advantage of people's fears and hardships. After 
September 11 they pitched gas masks; they sold bottled water for $10 a 
piece following Hurricane Katrina. Given the cybersecurity activity out 
there, we are bound to see more and more of these security scams. The 
difference here is that security con artists are preying on fears that 
users really don't understand. Consumers may get scammed or become 
cynical--neither of which is good.

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Fri Dec 12 2008 - 01:11:19 PST

This archive was generated by hypermail 2.2.0 : Fri Dec 12 2008 - 01:20:47 PST