Computer Crime Research Center

hack/id_th2.jpg

Computer crime: hackers shifted from OS to Apps

Date: November 23, 2005
Source: REUTERS


Online criminals shifted their attacks in 2005 from computer operating systems such as Windows and others to media players and software programs, according to a study released on Tuesday.

Among the software programs that attackers are now targeting are anti-virus software as well as programs used to listen to online audio and video programming, according to the SANS Institute, a nonprofit research group based in Bethesda, Md.

Attackers are changing their targets after Internet service providers and operating systems designers such as Microsoft started shoring up their systems following a barrage of worms, viruses and other online threats in recent years.

The group's "SANS Top20" report identifies the 20 most targeted software flaws that criminals use to infiltrate computers.

Top Windows vulnerabilities include Microsoft Corp.'s Internet Explorer Web browser and Windows Office and Outlook Express. The report also listed Apple Computer Inc.'s Macintosh operating system as a top vulnerability among Unix operating systems.

Apple's OS X operating system is based on Unix, a heavy-duty operating system used principally in corporate data centres and high-powered computers.

Network devices such as routers and switches that direct Internet traffic also are being targeted, SANS said. Cisco Systems Inc. made the list with its "IOS" router product line.

"Network devices often have on-board operating systems and can be programmed like computers," the group said in a statement. "Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks."

SANS released the study in cooperation with the U.S. Department of Homeland Security's Computer Emergency Response Team, the UK's National Infrastructure Security Co-Ordination Centre and Canada's Cyber Incident Response Centre.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo