-<3 Ways Internet CRIME has Changed>-DOJ threat scuttled Yahoogle deal Three ways Internet crime has changed
by Joan Goodchild http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9118882&taxonomyId=16&source=NLT_NTS&nlid=107 November 3, 2008 (CSO) Gone are the days when most hackers were looking for fame with a splashy, large-scale attack on a network that made headlines. Today's cybercriminals are quietly taking over vulnerable Web sites as part of an elaborate process in the underground economy. - Cupertino, Calif.-based security products provider Symantec publishes a biannual Internet threat report. Data collected through their managed security services are reviewed and analyzed for the report, which was recently published in its 13th edition. One trend highlighted in the report change is the motivation of hackers, according to the data. "The trend has moved from hacking attempts being done for notoriety to hacking for criminal intent and fraud," said Grant Geyer, vice president of Symantec Managed Security Services. How are cybercriminals working today? And what do you need to know to stay on top with your security strategy? Read on for the latest news on malicious Web activity. Botnets spearhead for-profit hacker activities The latest data from Symantec confirms that the Web is now an integral tool for criminals looking to make money (not merely mischief). Malware-infected systems are used as network of bots f or a wide variety of inappropriate activities. "Bots can do denial-of-service attacks; they can be used to send out spam, to send out phishing data, they can be the Swiss Army knife of malware distribution," said Geyer. "We're seeing more and more of both consumers, as well as corporations, being targeted by bots for malicious purposes." Bots, Geyer confirms, are being used as business model; part of the underground economy that is run and organized like any major corporation. (See CSO's Inside the Global Hacker Service Economy for an in-depth investigation of how such sites work.) "If you want access, if you want one of these bot networks to send out your specific spam message, you can purchase time on bot network; there are rates being established," noted Geyer. "Bots are also being used to steal confidential data. Credit card numbers are sold online. Market prices are established for that, too." Cybercriminals are quieter, and sneakier While early hackers wanted to make a big splash by attacking as many computers as possible in a show of genius and savvy for taking down network, now criminals don't want to be detected. Takeovers are done in a slow, methodical fashion. - "If you can go as slow and stealthily as possible and take over systems in a selective manner, you don't get caught. By not getting caught, you can use the systems you've taken over for a variety of purposes." Geyer said sites in the United States are consistently the top target worldwide. China is usually second and many countries in Western Europe also in the top 10. - In the first few years the report was published, the number of vulnerabilities in operating systems and software increased annually. The good news is that has begun to change in the last 18 months, said Geyer. Vendors have become more proactive about patching. The bad news is hackers have taken on other techniques to exploit a system and are focusing more on site-specific vulnerabilities. "Site-specific vulnerabilities are a lot harder problem to solve," said Geyer. "You can't just send out a patch and protect everyone if the problem is site-specific." (See The Chilling Effect for more detail on Web site vulnerabilities.) - Large organizations were the main target of attacks less than a decade ago; now the end user is the primary target, said Geyer. Phishing Web site hosts are dramatically increasing and so are new variants of malware. - "In the past 18 months, the increase is just staggering. So much is being introduced, organizations are having tough time. A lot of it is the same piece of malware that is tweaked to be slight variant of other pieces already written. It just shows how easy it is to write it and also that there is true financial gain. This is proving to be a good business model for people in the underground economy." ======== Yahoo says DOJ threat scuttled Google deal Contends that the Internet firms could have defended the proposal in the courts by Grant Gross http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9118882&taxonomyId=16&source=NLT_NTS&nlid=107 November 5, 2008 (IDG News Service) A U.S. Department of Justice plan to block Google Inc.'s proposed advertising deal with Yahoo Inc. led to the dissolving of the plan today, according to Yahoo.Google had pointed to continued concerns among U.S. regulators and Internet advertisers in its announcement earlier today, but it did not say that the DOJ was planning to block the deal. - The deal would have lead to a "lengthy legal battle," Google said. The deal, first announced in June, would have allowed Yahoo to run Google advertising on its search pages, and Yahoo had said projected that it would add $800 million to its annual revenue. - Yahoo, in a statement, expressed disappointment that Google backed out of the deal. " Yahoo continues to believe in the benefits of the agreement and is disappointed that Google has elected to withdraw from the agreement rather than defend it in court," the company said. "Google notified Yahoo of its refusal to move forward with implementation of the agreement following indication from the Department of Justice that it would seek to block it, despite Yahoo's proposed revisions to address the DOJ's concerns." - In a post on Google's public-policy blog earlier today, David Drummond, the company's senior vice president and chief legal officer, said that the controversy over the proposed deal had become a distraction top the firm. - "After four months of review, including discussions of various possible changes to the agreement, it's clear that government regulators and some advertisers continue to have concerns about the agreement," Drummond said. "Pressing ahead risked not only a protracted legal battle, but also damage to relationships with valued partners. That wouldn't have been in the long-term interests of Google or our users, so we have decided to end the agreement." - Drummond said that Google is also disappointed that it had to kill the proposal, but added that "we're not going to let the prospect of a lengthy legal battle distract us from our core mission. That would be like trying to drive down the road of innovation with the parking brake on." Google and Yahoo had voluntarily disclosed the deal's details to the DOJ, but the agency had yet to approve the proposal. Groups of Web advertisers had expressed concerns that the deal would lead to fewer options for Internet advertising and higher advertising rates. Google rival Microsoft Corp. also lobbied hard against the deal. The DOJ said the decision to call off the deal preserves competition in search advertising. "The companies' decision to abandon their agreement eliminates the competitive concerns identified during our investigation and eliminates the need to file an enforcement action," said Thomas Barnett, assistant attorney general in charge of the Justice Department's antitrust division, in a statement. "The arrangement likely would have denied consumers the benefits of competition -- lower prices, better service and greater innovation." - The deal as proposed would likely have significantly reduced competition in the Internet search advertising and search syndication markets, the DOJ said in a statement. "Yahoo is by far Google's most significant competitor in both markets, with combined market shares of 90% and 95% in the search advertising and search syndication markets, respectively," it said. "Yahoo provides an alternative to Google for many advertisers and syndication partners, and Yahoo recently had begun making significant investments in order to compete more effectively against Google." - The proposed ad deal was an attempt by Google to prevent Microsoft from buying Yahoo. Microsoft made several hostile offers to acquire Yahoo earlier this year.Google and Yahoo contended that the deal would not reduce competition in Web advertising, noting that the deal did not require that Yahoo run the Google adverts. Yahoo's search results would remain independent of Google's, and ad prices would be set through online auctions, the companies said. Drummond contended that the deal would have offered positive options for publishers, advertisers and Internet users "because it would have allowed Yahoo -- and its existing publisher partners -- to show more relevant ads for queries that currently generate few or no advertisements. - Better ads are more useful for users, more efficient for advertisers and more valuable for publishers." Yahoo will move forward with its business plans, the company said. "This deal was incremental to Yahoo's product road map and does not change Yahoo's commitment to innovation and growth in search. The fundamental building blocks of a stronger Yahoo in both sponsored and algorithmic search were put in place independent of the agreement." - Jeffrey Chester, executive director of the Center for Digital Democracy, a group focused on rights for Internet users, said he was happy to see the deal collapse. "We are pleased that Google finally understood that the proposed alliance with its leading competitor threatened competition. Much is at stake over the competitive landscape for online advertising," he said in an e-mail. "For too long, policymakers and regulators have failed to address the growing consolidation of control in the online advertising market. Today's announcement in its own way underscores what we have been telling officials: that a very tiny handful of global digital giants -- particularly Google - - is increasingly dominating the most prevalent way online publishing is financially supported." ===========