Saturday, May 30, 2009

Better Safe Than Sorry

The Scrap Value of a Hacked PC

Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use.

[Graphic: hackdpc.JPG]

The graphic above (click it for a larger version) shows the different reasons criminals may want access to your system. I've explained each category in more detail below:

Illicit Web Hosting

Cyber criminals commonly use hacked PCs as a host for a variety of dodgy Web hosting schemes, including:

- Spam Web sites

- Phishing Web sites

- Malware download sites

- "Warez" servers, or hosts for pirated software and movies.

- Child pornography servers

Zombie Grunt Work

Infected PCs also frequently are turned into zombies designed to carry out all sorts of monotonous, repetitive tasks for cyber crooks, such as:

- Relaying junk e-mail

- Participating in so-called denial-of-service attacks designed to extort money from Web sites by pelting them with massive amounts of bogus Web traffic if they refuse to pay protection money.

- Engaging in "click fraud," which uses zombies to gin up fake mouse clicks for networks of phony Web sites that siphon money from advertisers.

- Serving as a proxy through which bad guys route their Web traffic.

- Providing computational power that criminals use to help solve CAPTCHA challenges, the squiggly lines of numbers and letters many free Web mail services require you to solve, which are designed to tell humans apart from zombies.
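Two of the behaviours in the list above, relaying junk e-mail and taking part in a traffic flood, leave a distinctive footprint in outbound connection logs. The following is an added example, not code from the original post, that runs simple detection logic over constructed flow records (timestamp, source, destination, destination port) to flag a workstation talking to many distinct mail servers on TCP/25 (the direct-to-MX pattern of a spam bot) and a workstation opening a burst of connections to a single destination (a flood participant). The record layout, addresses and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port).
# Addresses are from documentation ranges; nothing here is real traffic.
SAMPLE_FLOWS = [
    ("2009-05-26T14:00:01", "10.0.0.5", "192.0.2.10", 80),
    ("2009-05-26T14:00:02", "10.0.0.5", "192.0.2.11", 443),
    # 10.0.0.7 contacts thirty different mail servers on port 25: spam relay pattern.
    *[("2009-05-26T14:00:%02d" % i, "10.0.0.7", "198.51.100.%d" % i, 25)
      for i in range(1, 31)],
    # 10.0.0.9 opens 300 connections to one web server inside a minute: flood pattern.
    *[("2009-05-26T14:01:%02d" % (i % 60), "10.0.0.9", "203.0.113.50", 80)
      for i in range(300)],
]


def detect_spam_relays(flows, min_distinct=10):
    """Return {src: distinct_smtp_destinations} for sources that talk to
    at least min_distinct different hosts on TCP/25.  A workstation should
    hand mail to one or two internal relays, not to dozens of Internet
    mail exchangers."""
    dsts = defaultdict(set)
    for _ts, src, dst, port in flows:
        if port == 25:
            dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items() if len(d) >= min_distinct}


def detect_floods(flows, min_per_minute=200):
    """Return {src: (dst, count)} for sources that open at least
    min_per_minute connections to one destination within a single
    minute bucket (the timestamp truncated to YYYY-MM-DDTHH:MM)."""
    counts = defaultdict(int)
    for ts, src, dst, _port in flows:
        counts[(src, dst, ts[:16])] += 1
    worst = {}
    for (src, dst, _minute), n in counts.items():
        if n >= min_per_minute and n > worst.get(src, ("", 0))[1]:
            worst[src] = (dst, n)
    return worst


def report(flows):
    """Human-readable findings, spam-relay candidates first, then floods."""
    findings = []
    for src, n in sorted(detect_spam_relays(flows).items()):
        findings.append(f"{src}: {n} distinct SMTP destinations (possible spam relay)")
    for src, (dst, n) in sorted(detect_floods(flows).items()):
        findings.append(f"{src}: {n} connections to {dst} in one minute (possible flood participant)")
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE_FLOWS):
        print(line)
```

In practice the same two rules can be fed from firewall or NetFlow exports, and the thresholds should be set from a baseline of what normal desktops on the network actually do; a host that trips either rule is worth pulling for a malware check rather than assuming the user "had nothing worth stealing".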

E-Mail/Webmail Attacks

An infected PC potentially has great value to spammers and attackers beyond simply acting as a relay for junk e-mail. For example, compromised systems typically are harvested for e-mail addresses that will be sold and used in future phishing and spam attacks.

An attacker doesn't need to compromise an Internet user's computer to wreak havoc with their identity and online life. A compromised Webmail account, for example, can yield a bounty of useful information because many people often will use the same e-mail address and password for multiple services. (Even if the victim uses different passwords at each service, usually those passwords can be reset as long as the attacker has access to the victim's inbox.)

Hacked Webmail accounts also frequently are used to scam the victim's friends. Sometimes, crooks will use a hijacked Webmail account to blast out tailored spam to all of the victim's contacts, usually recommending some no-name, bargain basement e-commerce site that is set up merely to steal credit and debit card information.

Another long-running scam involving hacked Webmail accounts goes like this: Scammers blast out a note to all of the victim's contacts, claiming that the victim has become stranded in some foreign country and desperately needs friends and family to wire money.

Account Credentials

Any stored credentials -- particularly user names and passwords for online services -- are fair game on hacked PCs. Stolen eBay credentials often are used to abuse the victim's good reputation and to list non-existent or stolen items for auction. Compromised PayPal accounts can aid in these bogus auctions as well, or simply be drained of their funds. Credentials for voice-over-IP or Internet-based telephone services like Skype also are a hot item on underground cyber criminal forums, because they can be used to mask the caller's location and aid in a variety of scams.

Credentials that victims use to administer Web sites -- even social networking site Web pages -- can be of huge value to cyber crooks. A number of automated threats will scrape credentials that victims use to transfer files to and from any personal or professional Web sites they may administer. Stolen file transfer protocol (FTP) credentials, for example, give attackers control over the victim's site, which is often then used to host malicious programs or other illicit content that helps further a variety of online criminal schemes.

Finally, credentials that allow access to the network of the victim's employer or company can be of great interest to digital thieves. In many corporate environments, employees cannot log in remotely without having a special, password protected encryption certificate saved on their computer. Some families of malicious software -- including the Sinowal or Torpig Trojan -- will try to steal these certs from infected systems.

Virtual Goods

Virtual goods, those that have seemingly intangible value, are among the most sought-after commodities in the general hacking scene. Entire families of malware exist to harvest license keys for thousands of computer games and to steal credentials that grant access to online games in which a player's worth is determined largely by the amount of virtual goods his or her character has amassed. There is a mature, multi-billion dollar market for these accounts and for the goods themselves, at least some of which are stolen from compromised PCs.

Financial Credentials

When casual Internet users think about the value of their PC to cyber crooks, they typically think stolen credit card numbers and online banking passwords. But as we have seen, those credentials are but one potential area of interest for attackers.

This is by no means an exhaustive list.

By Brian Krebs | May 26, 2009; 2:12 PM ET

Original post: http://voices.washingtonpost.com/securityfix/2009/05/the_scrap_value_of_a_hacked_pc.html
