I want to see someone prosecuted
Published Tue, Apr 10 2007 9:13 AM
The IDG News service is reporting that over 2,000 web sites are either hosting exploit code for the .ANI cursor flaw or redirecting users to sites that do.
More than 2,000 unique Web sites have been rigged to exploit the animated cursor security flaw in Microsoft's software, according to security vendor Websense.
Those Web sites are either hosting exploit code or are redirecting Internet users to sites with bad code, Websense's blog reported Monday.
The number of Web sites engineered to exploit the problem has jumped considerably since the vulnerability was publicly disclosed by Microsoft on March 29. It will likely continue to rise until patches are applied across corporate and consumer PCs, said Ross Paul, senior product manager for Websense.
Hackers are hoping to catch some of the millions of unpatched machines.
"What we've seen is that exploits tend to be used as long as they are effective," Paul said.
Last week, Microsoft broke from its regular patching routine and issued an off-schedule fix due to the danger of the vulnerability, which occurs in the way Windows processes .ani or Animated Cursor files, which allow Web sites to replace the regular cursor with cartoonish alternatives.
The flaw affects nearly all versions of Microsoft's Windows OS and is the third zero-day flaw that Microsoft has patched out of schedule since January 2006.
Companies tend to patch their machines on fixed schedules and may not immediately apply a patch when it's released, Paul said. Home users may automatically receive the patch if they are using Windows XP Service Pack 2, but users of older Windows OSes will not.
That's especially dangerous since the .ani problem doesn't require user interaction for a machine to be infected, said Graham Cluley, senior technology consultant at Sophos. Merely viewing a Web site engineered to exploit the vulnerability with an unpatched machine can result in an infection.
As a result, security analysts are generally recommending to apply the patch, even though Microsoft said Friday they were fixing compatibility problems with some applications.
What I want to know is, if it's that easy to identify web sites that are hosting the exploit, why aren't the web site operators being prosecuted? After all, it's still a crime to exploit security vulnerabilities to gain access to someone else's computer, isn't it?
"What we've seen is that exploits tend to be used as long as they are effective,"
That's true, so it's a good idea to apply security fixes. If you leave your machine unprotected you are asking for trouble.
I think there's another factor to consider too. There aren't enough prosecutions of this type of crime. As long as people can be seen to get away with their criminal activities, other greedy or malicious people will see that and be encouraged to enter the fray.
I'm sick and tired of spam. Spam in my inbox. Spam attacks on the comment threads on my blog. Spam attacks via the trackback pinger. Most of the spam comes from bot nets. The bot nets are acquired by people exploiting security vulnerabilities in systems that are either unpatched because of user negligence, or unpatched because a solution to the vulnerability hasn't been found yet.
Spammers steal resources. They steal the CPU cycles and bandwidth of the people whose email they spam. They steal the bandwidth that web site operators are paying for, whether the spam is blocked or not. They steal the CPU cycles, bandwidth, and storage of the people whose machines they've infected and enslaved into their bot networks.
The people exploiting these flaws are compromising systems all over the world by the millions, with impunity. Seldom are they prosecuted.
One of the problems with trying to prosecute these crimes is that many of the people perpetrating them are in other nations. These criminals come from Eastern Europe and China. According to the article, the reasons vary from trying to steal credentials for online games to trying to steal banking information.
If we can't prosecute them, we need to find other, more aggressive ways to stop this sort of international information warfare. Installing the latest security patches just isn't enough. Perhaps, just as China is blocking certain sites (like mine), we should block the IP addresses of web sites that are known to exploit these flaws from being accessible in the U.S.
To quote Argus Filch: "I want to see some punishment!"