End of the phishing line?

This week the focus is on combating phishing, the MS Vista delays, different kinds of malicious malware, and a kind of "Idols" for security geeks.

Interpol, at an anti-phishing conference in Brussels on Monday, said politicians are largely unaware of how criminals are using technology for money laundering and are therefore not investing money into it.

Bernhard Otupal, crime intelligence officer for Interpol`s financial and hi-tech crime unit said, "There are not enough trained people [in the police] who know how to deal with the Internet and find information."

Although new legislation is making it more difficult for online scammers to succeed, there are still too many countries that are failing to stop them altogether, Otupal added.

So what can be done to squish the phish?

Politicians are unaware of how criminals are using technology for money laundering and are therefore not investing money into it.

Ilva Pieterse, ITWeb contributor

A remedy comes as part of Microsoft`s Global Phishing Enforcement Initiative. Not the first time MS and Interpol have joined forces, with this drive they aim to stop cyber criminals behind phishing attacks. In fact, by the end of the June 2006 they intend to have initiated legal actions on more 100 cases, adding to Microsoft`s track record of 4 744 phishing site shut-downs to date.

Paul Judge, chief technology officer at CipherTrust, praised Microsoft`s efforts and said of the scammers: "Hopefully they will walk the other way and think of more useful things to do with their time." We can only hope.

There are further delays to Microsoft`s Vista with the expected consumer release date January 2007. This means almost six years will have passed since the previous operating system, Windows XP, was launched in late 2001. Apparently, the delay is due to security-improving efforts.

Is Microsoft taking on too many projects? Perhaps there should be a little less focus on overthrowing the world`s phishing scammers and slamming the idea of $100 laptops, and just get a move on before our existing operating systems become grudgingly obsolete.

There is warning of a rather slippery kernel-level rootkit linked with a data-stealing Trojan. It can survive a reboot, runs in safe mode and doesn`t need a separate process to run. It can also determine passwords that have been used even before the PC became infected.

Since the rootkit can only be installed from malicious Web sites, it could very well be a vigilante virus.

Since its sinister release last Thursday, it has stolen over 40 000 user names and passwords from its unsuspecting victims. Security companies are advising the use of layered security, and cautioning surfers to stay away from illegal Web sites.

As if that wasn`t scary enough, some of these stats are straight out a of a horror film. StillSecure, a Colorado-based security firm, has spearheaded an ongoing endpoint surveillance project and found not only can many kinds of attacks bypass traditional security measures, but it came up with the following facts:

* Malware can hide from anti-virus, anti-spyware and anti-rootkit technology.
* Malware can be detected by security tools but cannot always be deleted.
* Most components of malware are visible to anti-virus and anti-spyware tools, but are expendable; any components of the virus that remain after the anti-virus cleanup are often capable of replacing deleted files.
* Pop-up windows dupe end-users into clicking on malicious sites.

"IT administrators shouldn`t be content to simply update anti-virus software and deploy the latest security patches," advises Mitchell Ashley`s, CTO and VP of StillSecure.

The Georgia Institute of Technology has hosted a competition, judged by a panel of mean critics, to give students a chance to compete with their peers for making information security more user-friendly.

"People are the weakest link in any security systems," Georgia Tech associate professor Keith Edwards said. "You can have the strongest technology in the world, but individuals will intentionally find a way to work around the security technology to make their lives easier."

This year, the three winning projects include technology that helps users understand the cyber-neighbourhoods they browse, configure networks by creating visual links between devices, and troubleshoot through data mining existing Internet-based solutions."

Sources used: The Register, VNUNet, SearchSecuriy.com, IOL.com