91色情片

Hackers change tactics to crack open computers

Cyber-criminals are shifting their attention from operating systems to specific software programs, including media players and even anti-virus software

A major change in the methods used by hackers to break into computers has been revealed in a report issued by an influential research institute on Tuesday.

The study suggests that computer criminals have shifted attention away from bugs in operating system software, such as Microsoft鈥檚 Windows platform, to focus on flaws in individual software packages.

The non-profit SANS Institute, based in Maryland, US, reveals the change in tactics in its Top 20 report on software vulnerabilities.

鈥淲e are seeing a trend to exploit not only Windows, but other vendor programs installed on large numbers of systems,鈥 says Rohit Dhamankar, project manager for the report. 鈥淭hese include back-up software, anti-virus software, database software and even media players.鈥

The report says that, over the last five years, hackers focused predominantly on operating systems. The shift away from this has been brought about by greater focus on security from operating system developers, the researchers write.

They note, for example, that Microsoft now issues regular monthly software updates to plug holes in its operating system, prompting hackers to pursue bugs in individual software packages instead.

Entire networks

The types of bugs affecting operating systems and individual software packages are similar. Although the packages do not operate at the fundamental level of an operating system they can often access important parts of a computer, such as its temporary memory.

Dhamankar says targeting bugs in packages can be just as effective for attackers. 鈥淔laws in these programs put critical national and corporate resources at risk and have the potential to compromise entire networks,鈥 he says.

According to the SANS report, software used to back-up data is most commonly targeted by hackers. Ironically, anti-virus software is the next most popular target.

Buffer-overflow bugs

Several critical flaws have been discovered with back-up software over the course of 2005. The report notes that gaining access to a machine running back-up software will often provide large amounts of potentially valuable data, as well as broader access to a computer network.

Anti-virus software is particularly attractive to hackers because it is installed very widely and runs unobtrusively in the background on a machine. The Top 20 report notes that 鈥渂uffer overflow鈥 bugs have been reported with most leading anti-virus programs over the past year. This type of bug can be used to overwrite key portions of a computer鈥檚 memory, causing a system to crash or to rewrite key information.

The SANS Institute is one of the leading computer security certification organisations in the world. The report was compiled with the help of researchers from seven organisations, including the US government鈥檚 Computer Emergency Response Team (CERT), the British government鈥檚 National Infrastructure Security Co-Ordination Centre (NISCC) and companies Tipping Point and Qualys.

Topics: Computer crime