2 of 19

Write now Article Tools

With the advances in Internet based applications, commerce, and social networks, the potential targets available to hackers have exploded. Also, as the United States moves into more direct confrontations with potential enemies as a result of the 9/11 attack and the United States response of invading Afghanistan and Iraq, we are more apt to face a more organized hacker movement. The old model of a hacker who is a mischievous nerd must be abandoned and we now must address the problem of terrorist organizations who are adept at using hacking skills as a coordinated attack on the United States.

The immediate motivation was the January 2009 attack on Helium.com users by the AntiVirus 2009 as distributed from the Premiumlivescanner.com host name. It seems that hackers and malwear promoters have discovered a new way to spread malwear. In the early days, If you had virus protection, used linux, or even just avoided dicy web sites and redirections, you could, for the most part avoid malware attacks. The latest method of attack seems to use advertising marketing sites, such as google adsense to funnel adds which contain malwear to Google advertising clients.

The result is that when logging into a trusted site, that you have and expect to use routinely, you may be thrown into a malwear infection cycle through the use of advertising pipelines by rogue hackers.

When we see, malwear product that is attached to a web site domain name, the first thing a system administrator might do is use the whois.net database to look up the registrant of the domain name. In this case, the registrant appears to be a gentlemen in Yemen.

Without any further information, the combination of attack sophistication, and apparent lack of any potential financial gain seems to imply that this attack is motivated purely as a electronic terrorist attack. It is reported on many security related sites that "antivirus 2009", the product that is mentioned in this attack is a clone of a previous product, antivirus 2008. Why is it that sites associated with this product are not removed from domain name servers as soon as they are identified. As of this writing, "premiumlivescanner.com" is still a live link even though it has now been identified and discussed on the Internet.

Given the level of damage that can be done by taking this virus and spewing it through a popular web site by means of Google advertisements, we should be able to easily classify it's designers and deployers as guilty of felonys. To the extent that this attack seems to be the work of a terrorist organization, I am surprised that the U.S. government is not treating it as such.

The answer to this problem seems rather simple, and it is a wonder it has not been implemented yet. These malwear attacks work by changing and rewriting Windows system files. If Microsoft cannot or will not create a security system within Windows that prevents these files from being overwritten, then they should come out with a version of Windows that is on read only memory (ROM), and physically cannot be overwritten. If Microsoft will not do this, then someone else must come out with a device that will provide read only hosting for the windows operating system, and it must be mandated for use in all secure government and commercial uses of personal computers.

Learn more about this author, Jeffrey Graf.
Click here to send this author comments or questions.

Add your voice

Know something about Why hackers hack?
We want to hear your view. Write now!