Security Professionals Detect Malware Attack Involving Use of URL Shortening Services
Recently, security researchers at Internet security firm Symantec identified a malware attack involving use of URL shortening services. Cybercriminals allegedly send a cleverly crafted e-mail, which appears to arrive from an Inter-bank funds transfer service. The e-mail informs the recipients regarding the cancellation of one of the funds transfers done by them. Recipients are required to click on a supposedly PDF link to know the reasons for cancellation. However, the link actually directs to a shortened URL, which leads unwary victims who click on the link to a malware ridden and heavily obfuscated website. The malicious page attempts to download malware through Java, PDF and Windows Help Center and several other exploits. According to security researchers of the Internet security firm, the offenders are using hundreds of shortened URLs to link to the malware.
Over the years, cybercrime has evolved both in terms of nature and scope of attacks. Cybercriminals make continuous alterations in the modus operandi to escape detection. They use social engineering techniques like phishing and spear phishing to sniff confidential information, use botnets to launch distributed denial-of-service attacks, use browser tools, malvertizing and search engine poisoning to install malware. Cybercrime has evolved as a well-organized but illegal business activity. The sophisticated threats emanating in the cyber-space has resulted in increased demand for professionals qualified in computer science degree, masters of security science and security certifications.
Internet users must avoid clicking on suspicious links and links directing to shortened URLs. Shortened URLs are widely used in microblogging sites such as Twitter. Users are not able to view the exact URL of the sites and fall prey to malicious scams. Internet users must confirm the authenticity of suspicious e-mails appearing to be arriving from banking and financial institutions by directly contacting them on the legitimate contact points. They must regularly update the security software to guard against spyware and malware attacks. Adherence to security and software updates by Internet security firms and developers would help Internet users in protecting their computer systems from sophisticated threats. Internet users may also follow security blogs, e-tutorials and benefit from online degree courses to enhance their cyber security awareness.
Cybercriminals also register several domain names similar to those of legitimate organizations to defraud users and gain unlawful benefit. Distance learning and online university degree programs may help IT professionals to self-pace their learning and fulfill training requirements crucial to combat the ever evolving security threats.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Processing your request, Please wait....
