dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

Name Game
Grand Rapids, MI

More criminals using legitimate websites to infect people

according to APWG

Commenting on the latest report from the APWG – which found that a growing number of legitimate Web sites are being compromised by cybercriminals as an infection launch pad – Avecto says this highlights the need for greater control over the admin rights for end users within organisations.

According to Paul Kenyon, Avecto's chief operating officer, these types of phishing scams are difficult to spot owing to the fact that the compromised pages are hosted as a directory on a legitimate Web site.

“After clicking through, the phishing email user sees a regular page on the Web portal of the organisation they think sent the phishing email - when in fact the message’s origin address has been spoofed”, he explained.

“Because the compromised pages are hosted on the supposed sender’s Web site, it all looks above board, until the user clicks on a link, and they are then infected. If the user has full admin rights on the system concerned, the organisation’s IT security is all but dead in the water,” he said.

If on the other hand all users on the company IT system are granted basic user rights – which are then only increased for a select few when using specific applications – the damage that the cybercriminals can do is significantly limited.

This security strategy, says Kenyon, is similar in principle to that used by sea-going super tankers, which have their hulls split into separate watertight segments. If one or two segments are holed below the waterline, the ship will still remain seaworthy.

It’s the same principle with Windows privilege management, he adds, explaining that even if a user’s desktop is compromised through the actions of its user – for whatever reason - then the facilities open to cybercriminals as a regular user are quite limited.

Most users on a company IT system, he explained, never need access to the high level features afforded to administrators. Because admin rights access allows users to bypass security and policy on the client environment, this means malware infections can quickly spread to other users.

The bottom line here, he says, is that malware with admin rights can steal passwords, identities and sensitive documents.

Gladiator Security Forum