From the Security Experts

May 12, 2009

Eyeing Home Network Security, D-Link Brings CAPTCHA to Routers

By SIP Trunking Report Editor

At about 76 percent of all phishing attacks, software represents the largest doorway that cybercriminals such as hackers use to enter computer users’ systems and steal confidential information, IT security experts say.

One Cupertino, California-based security, storage and systems management solutions provider – Symantec Corp. – recently reported that it’s seeing malicious code grow at a record pace.
In recent weeks, more and more home and small office computers have seen their networks compromised by Internet security attacks that gain traction through the devices that many of us use to make our home-surfing lives more portable: routers.
In an effort to try and preempt the attacks, one Fountain Valley, California-based company recently launched a new system that prevents malicious software by detecting whether responses are generated by humans or computers.
Officials at D-Link say their so-called “CAPTCHA” system – short for “Completely Automated Public Turing test to tell Computers and Humans Apart” – helps identify and root out actions caused by worms, viruses and Trojan horses (think of the dreaded, evolving Conficker worm that attacked 700 computers at the University of Utah last month.)
A common type of CAPTCHA requires the user to type letters or numbers from a distorted image that appears on the screen.
“These malicious software invasions, in which users unknowingly download a Trojan horse when performing common tasks, invade the router to detect wireless capabilities, then alter the victim’s domain name system records so that all future traffic is diverted through the attackers’ network first,” company officials say.
It’s a problem that experts predict will pop up more and more frequently.
Here’s a look at how Symantec breaks down phish sectors by volume of phishing lures:
TMC President Rich Tehrani says the new CAPTCHAs from D-Link should ease some security concerns for computer users at home.
“The integration of CAPTCHA into home routers is a natural extension of this security technology and should cut down on the infiltration of malicious software, spyware and Trojans into home networks,” Tehrani said.
His fellow IT industry experts agree.
According to Stephen Trilling, vice president of Symantec’s security technology and response group, the company is seeing attackers shift away from mass distribution of a few threats to micro-distribution of millions of distinct threats.
“Cybercriminals are profiting from creating and distributing customized threats that steal confidential information, particularly bank account credentials and credit card data,” Trilling said. “While the above ground economy suffers, the underground economy has remained consistently steady.”
That recalls some of what TMCnet heard recently from the world’s largest maker of computer networking gear. Officials at Cisco Systems Inc. say that cyber-criminals’ attacks are becoming more targeted and sophisticated.
Also, security experts from Google Inc. told us in an interview that spammers are leveraging people’s fears in this down economy.
While the CAPTCHA system won’t prevent every type of computer security threat, the challenge-response test at least will raise the bar for cybercriminals seeking to invade home networks.

Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.

Michael Dinan is a contributing editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To read more of Michael's articles, please visit his columnist page.

Edited by Michael Dinan