NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
origin or signature or a presence on a blacklist, 188 is not enough to keep pace with the<br />
diversification and complexity <strong>of</strong> advanced web techniques being used by the<br />
criminals. 189<br />
Technological cat and mouse game<br />
The dynamics between the crimeware producers and the IT Security companies have<br />
been <strong>of</strong>ten described as a constant game <strong>of</strong> cat and mouse, since cybercriminals do not<br />
stand still when one <strong>of</strong> their avenues for distribution is closed. These dynamics were well<br />
represented by an example given by one <strong>of</strong> our interviewees, from an IT security<br />
company. One <strong>of</strong> the company’s services is managing their customers’ spam. But they<br />
face the increasing sophistication <strong>of</strong> spammers.<br />
Initially spammers used to disguise words with spelling mistakes to overcome the filters.<br />
When the IT experts realised this and devised ways to counter it, the spammers started<br />
sending messages embedded in a graphic instead <strong>of</strong> plain text, since they are harder to<br />
scan for spam filters. When this was detected and dealt with, spammers rapidly started<br />
using animation graphics to confuse the filters. They always seemed to be several steps<br />
ahead <strong>of</strong> the IT experts in security firms.<br />
Source: Interview Simon Heron, London 10 th November 2008.<br />
Criminals are also cleverly exploiting vulnerabilities in websites to plant malicious code in<br />
newly-discovered browser exploits 190 to infect the computers, crash the network or<br />
computers, and to solicit and steal data. According to a survey conducted by a large<br />
multinational IT company 94 per cent <strong>of</strong> all browser exploits in 2008 occurred within 24<br />
188 Blacklist detection is based on the detection <strong>of</strong> viruses through a black list constructed on the basis <strong>of</strong><br />
malicious code threats that have been identified in the past. However, this method has been largely criticized<br />
by its limitation to keep pace with the volume and variations <strong>of</strong> malware released every hour.<br />
189 Interview with Tim Warner, Finjan, 17 th November 2008.<br />
190 A browser exploit is a piece <strong>of</strong> code that exploits a s<strong>of</strong>tware bug (flaw, failure or fault) in a web browser<br />
such that the code makes the browser do something unexpected, including crash, read or write local files,<br />
plant a virus or install spyware. A web browser is a s<strong>of</strong>tware application, which enables a user to display and<br />
interact with text, images, videos, music, games and other information typically located on a web page.<br />
Examples <strong>of</strong> web browsers are Google, Mozilla Firefox and Internet Explorer.<br />
Page 63