Cyber Attackers Move To Abandoned Sites
According to Jim Melnick of VeriSign, since administrators no longer monitor dormant websites, they are places for creating innumerable online markets for miscreants. These sites are often typical harbors for advertisements of stolen software or personal information and go unnoticed. For instance, a page on 'Boston-based band Beatsoup' included several postings supplying hacking programs, stolen software and sometimes ads for credit card numbers and Internet banking logins.
Online attackers employ a 'shell script and terminal emulator' to find and exploit flaws in servers and websites. These techniques are most effective on deserted server accounts and inactive domains. After getting access to the server or site, the cyber criminal can use it to hijack other sites with the only objective of causing malicious disruption.
The cyber criminals use their tactics to create a tiny, '1-by-1-pixel element' on a Web page that connects to a different site. The site that they hack does not give any clue of the hijack, which allows the criminals to hide. All that the attack involves is to load the hacked site with malware, so that any visitor to the site become victim to malicious download.
McAfee SiteAdvisor used a site named "Load2Load.net" to vigil 130 sites. This Load2Load.net,though is inactive, but is still dangerous to visit because it is a storing place for malicious code. There are reports from users that sites hacked using 'Load2Load.net' have frozen their PCs, when malware infected their systems.
When authorities find it hard to locate the owners of abandoned sites to find the source of the logs posted or to remove them, they shut down the particular site. But this doesn't make much difference as criminals smartly shift their activities elsewhere.
Security experts, therefore, recommend users to be careful while trading on a dormant website. Users must contact the card dealers before making any purchase through these sites to verify the existence of the operation.
Related article: Cyber Child abuser Sentenced To Imprisonment
» SPAMfighter News - 13-10-2006