
Ho Ho Ho, beware of Satan Claus!

CIOL Bureau

MUMBAI: Websense Security Labs has come out with top tips to avoid getting more than you bargained for when shopping online this Christmas.


The words ‘Christmas’ and ‘Shopping’ go hand in hand: last year UK consumers spent £4.67bn shopping on the Web in December alone, with £102 million being spent online on Christmas Day itself.

This year a recession-weary population is hungry for bargains, and many of them will once again grab the chance to beat the crowds and shop online. eBay is predicting 85 per cent of consumers will maintain or increase their online shopping this Christmas, and studies show that 93 per cent of consumers plan to buy a gift online this Christmas.

Carl Leonard, Senior Security Research Manager, Websense Security Labs, has some caveats.


First, he says, stay away from the 'Bargain' Store Scam.

One of the major attractions of purchasing things online is that there are often bargains to be had. While looking for a good deal we may be tempted by low prices and forget to look at who we’re purchasing from. Cyber criminals are all too aware of this and create fake online shops to harvest credit card details and use them for their own gain. Products are often offered at much lower prices than on the high street; however, no parcel will be sent. Your credit card may be charged anyway and the card details sold on the black market.

Now, what does this translate into for enterprises?


The lines between work and play have blurred, and a happy employee is seen as a key to success. Many people can make good use of their time by Christmas shopping during their lunch hour, and using their work address to make parcel deliveries easier. Not having to battle with the lunch time or weekend rush makes for a less stressed and more productive workforce, Carl explains.

Companies don't need to limit the amount of access employees have to the Web - they need to deal with the threats more effectively. By setting realistic Web usage policies your staff will be encouraged to shop safely online during lunch break or out of office hours. Security solutions which categorise new sites and dynamic content in real-time, and proactively discover security risks are designed to enable safe and productive use of the Internet.


The second area is that of the Fancy Dress Disguise. Businesses should also keep in mind that blended threats (spam emails with embedded URLs) are on the increase, and on average 85.6 per cent of all unwanted emails contain links to spam sites and/or malicious Web sites.

In the run-up to Christmas many people will send e-cards to friends and associates, or a link to an amusing video clip. Unfortunately these can sometimes contain hidden malicious extras, or the email may be a phishing scam in fancy dress. Beneath the jolly Father Christmas images can hide malicious URLs leading to malware or exploit code. This technique is continually evolving to increase the success rate, with new attacks becoming more sophisticated in terms of the imagery and lures utilised.

A security solution that integrates Web security and email security should be able to identify links in an email and trace them back to malicious sites or content. Based on this accurate identification, solutions should be able to act in real-time to block the email and any other attempts to access that Web site, view content, or transmit data to that destination.


Reputation-based monitoring is no longer an effective method of protection. Your security solution should be able to understand Web sites, Web content, applications, and malware beyond reputation alone, considering usage and Internet context for a real-time risk assessment. Only with this level of understanding can threats be blocked accurately and in real-time. Even if a well-known and trusted site with a good reputation were compromised, the threat would be prevented.

Also, watch out for unwanted gifts.

Social engineering is the name given to the art of tricking a user into performing an action. Rogue Anti-Virus software is an example of a social engineering technique seen a lot by Websense Security Labs. When browsing you might see a pop-up explaining your computer may be infected and offering to perform a free Anti-Virus scan. Don’t be fooled: there is no scan. Instead, they will simply claim to have found a virus on your machine. You’re not really infected, but this may encourage you to download or even pay for their (fake) Anti-Virus software, which is actually malicious software. Now the hackers have your credit card details and control of your computer.


A business should look for a secure Web gateway solution that provides advanced analytics—including rules, signatures, heuristics and application behaviors—to detect and block proxy avoidance, hacking sites, adult content, botnets, keyloggers, phishing attacks, spyware, and many other types of unsafe content.

One technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines. Benign code is embedded in a Web page. When a user visits the page, a small JavaScript routine will slowly request more code from other Web servers a few innocuous bytes at a time. The bytes are stored until all the information has been transferred, then the exploit is triggered.

It’s a bit like sending a jigsaw one piece at a time. It’s not until all the pieces are collected and put together that the whole nasty picture becomes clear. By this time, the bad guy is already in and can now go on to disable your antivirus and take over the computer.

The entire process—from data being transferred over the network to triggering JavaScript—can slip under the radar because no malicious content touches the file system. It's done completely in memory, and content is transferred in such tiny fragments that antivirus engines don't have enough context to match any signatures. The answer lies in solutions which scan active content: it is important not only to look at static content that has been put on disk but also to be able to detect changes inside the browser.
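
The detection gap described above can be seen in a small added example (not from Websense or the original article): a signature engine that inspects each fragment in isolation misses a pattern that a scanner carrying context across fragments catches. The signature string, sample content, and the names `scanPerFragment`, `StreamScanner` and `splitInto` are constructed placeholders.

```javascript
// Constructed, harmless placeholder standing in for a real detection signature.
const SIGNATURES = ["EXAMPLE-BAD-MARKER"];

// Naive engine: inspects every network fragment on its own.
function scanPerFragment(fragments) {
  return fragments.some(f => SIGNATURES.some(sig => f.includes(sig)));
}

// Stream-aware engine: remembers the last (longest signature - 1) characters
// seen, so a signature split across fragment boundaries still matches.
class StreamScanner {
  constructor(signatures) {
    this.signatures = signatures;
    this.keep = Math.max(...signatures.map(s => s.length)) - 1;
    this.tail = "";
    this.hits = [];
  }
  feed(fragment) {
    const buf = this.tail + fragment;
    for (const sig of this.signatures) {
      if (buf.includes(sig) && !this.hits.includes(sig)) this.hits.push(sig);
    }
    // slice(-0) would return the whole string, so guard the zero case.
    this.tail = this.keep > 0 ? buf.slice(-this.keep) : "";
    return this.hits.length > 0;
  }
}

// Cut content into fixed-size pieces, as a fragmenting loader would deliver it.
function splitInto(text, size) {
  const out = [];
  for (let i = 0; i < text.length; i += size) out.push(text.slice(i, i + size));
  return out;
}

function demo() {
  // Constructed sample content: the marker sits between two benign statements.
  const content = "var a=1;/*EXAMPLE-BAD-MARKER*/var b=2;";
  const fragments = splitInto(content, 4); // "a few innocuous bytes at a time"
  const scanner = new StreamScanner(SIGNATURES);
  let detectedAt = -1;
  fragments.forEach((f, i) => {
    if (scanner.feed(f) && detectedAt < 0) detectedAt = i;
  });
  return { perFragment: scanPerFragment(fragments), stream: scanner.hits, detectedAt };
}

console.log(demo());
```

The stream scanner flags the content as soon as the fragment completing the marker arrives, which is the point at which an in-browser content scanner could block before the reassembled script runs.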