Fewer security incidents, but more annoyances
25th January 2005 (The Star)
By EDWIN YAPP

KUALA LUMPUR: There were no major security incidents reported in the fourth quarter of last year that could have had a severe impact on Malaysia's network infrastructure, said the Malaysian Computer Emergency Response Team (MyCERT).

However, there was an increase in incidents related to harassment, forgery and spam, the security organisation added.

Writers of malicious code -- such as viruses and worms -- seemed to have slowed down their activities in the last quarter, said Solahuddin Shamsuddin, MyCERT's manager.

"Most attacks we've tracked in the past followed a worldwide trend. Malaysia is no different from any other country and has also experienced a slowdown in security incidents," he told In.Tech on the sidelines of its quarterly report briefing here last week.

MyCERT (www.mycert.org.my), a unit of the National ICT Security and Emergency Response Team (Niser), is responsible for tracking and logging security incidents, and analysing major security incidents and trends.

The fourth quarter of last year saw a decrease in virus and worm incidents, with a total of 32 cases reported, down 41.8% from the third quarter. There was also no significant worm outbreak in the country.

Solahuddin said this trend suggested that malicious code writers preferred to write trojans and backdoor programs instead of worms and viruses.

"The reason is basic: Worms and viruses only disrupt or destroy data; trojans have the potential to earn them money," he said.

A trojan is an unwanted piece of software which runs on a user's machine as an agent of the attacker, and works without the user ever knowing it is there. A backdoor gives a hacker secret access to a user's system.

Solahuddin, however, cautioned users not to let their guard down just because there were no major incidents reported recently.

"Although there were fewer incidents reported in the last few months, MyCERT predicts more attacks in the coming year," he said, although he did not give specific details.

"We also advise system administrators to be aware of what hackers are doing worldwide. For instance, users should take note of the hackers' global game called 'Capture the Flag' as reported last year in CNET," he said, referring to the online tech publication.

The report can be read at http://news.com.com/Hackers+plan+global+game+of+%27capture+the+flag%27/2100-7349_3-5291107.html?tag=sas.email.

More harassment, forgery

MyCERT's latest quarterly report, which covered October to December 2004, noted that there was an increase in harassment, with a total of 26 cases compared with 12 in the third quarter -- a 100% jump.

Solahuddin said the majority of harassment incidents were committed using e-mail and web forums.

"We found an increase in irresponsible Internet users abusing web forums, Internet Relay Chat (IRC) and e-mail," he said, adding that users should report these incidents to MyCERT for further analysis.

MyCERT also noted that there was an increase of 51.9% in forgery cases in the fourth quarter compared with the third quarter. Out of the 41 forgery reports filed, 35 were related to phishing scams.

"These scams involved mimicking both local and foreign banks' websites in an attempt to get users to reveal confidential details," Solahuddin said.

Phishers try to trick users into disclosing sensitive financially-related information such as credit card numbers or online banking usernames and passwords.

Users who receive e-mail, purportedly from banks, requesting them to change their logon and password should disregard the e-mail and report it to both MyCERT and the bank concerned, Solahuddin advised.

MyCERT's quarterly report also noted that spam continued to be a menace, accounting for 4,574 of the total 4,737 (96.6%) reports it received, up 26.2% from the third quarter.

Solahuddin said it was impossible to completely eradicate spam and users need to be aware of how spammers work.

He advised them to install spam filters on their machines.

MyCERT also received reports on port scanning and hacking attempts. In the fourth quarter of 2004, it received a total of 21 reports targeting organisations' and home networks.

"The ports most scanned are NetBIOS (port 137, 138, 139), HTTP (port 80) and SSH (port 22). They occur most actively when a new exploit has been detected and released to the public," said Solahuddin.

For more information on how to secure your network, surf to www.mycert.org.my/faq.