SYDNEY (AAP)

Just when you thought your computer security issues were becoming remotely manageable, cyber attacks on PC users are becoming a lot more personal.With spam becoming an almost ubiquitous annoyance in most people's inboxes, hackers are now turning their attention to more refined methods of breaking into computers.Data protection specialists are now warning of an emerging trend in attacks, whereby hackers send malicious emails or trojan viruses to specific individuals rather than thousands of recipients.Michael Sentonas, the Asia Pacific engineering director for McAfee, an anti-virus vendor, said the new attacks represented a more sophisticated take on current tactics.

"What we're seeing is the types of attacks are very targeted - the scope in terms of the number of people that receive this is very limited," Mr Sentonas said."And they're quite well organised and well formulated pieces of code."We're obviously seeing a lot of these types of messages having success with people clicking on them and their information being unfortunately leaked."Spammers have typically cast a wide net in their attempts to harvest sensitive information from users.Often, all that is required for a hacker to break into a computer is for a user to click on a link or open a file attached to an email.

A piece of malicious programming can then install itself onto the user's computer.Such emails often require a lure of some sort, such as a fraudulent notice from a bank or a news alert.While progress is slow, net users are beginning to wise up to these scams, commonly known as phishing emails.However, those behind more specifically targeted attacks go to greater lengths to make their emails look significantly more legitimate.MacLeonard Starkey from the Australian Computer Emergency Response Team, which monitors suspicious cyber activity, said hackers were spending more time researching their targets.They were also less concerned with creating havoc for global systems and more interested in making money."Their aim is not to bring systems down, it's not to draw huge amounts of attention," Mr Starkey said."It's purely financial for the most part."Malicious codes that are able to install software on computers are increasingly coming into inboxes attached to Microsoft Word documents, rather than executable files, which most system defences block at the gate."With Word documents, people are more likely to open them, more likely to try and read the contents of the document, particularly when it's addressed directly to them," he said "That can lead to exactly the same kinds of thing with malicious code being installed."Once installed, malicious programs are able to log any keystrokes a user may enter - such as bank account details - and send this information to a hacker's own computer.

Alarmingly, most of the information a hacker needs to create a legitimate looking email is readily available through very public sites on the internet.Staff at companies and universities were typically targeted using such methods."Most of the time companies will put their board of directors on their website," Mr Starkey said."In some cases they may even include email addresses."When you get places like universities we have an almost complete listing of everybody that works for the university which is publicly available."The bait can include a report that mentions a targeted company or even an staff member's family relation."If you can make something so appealing to a user that they feel like they must click on it, then they will," he said.
(23/02/2007 10:47:15 AM)