For example, as computer users and network administrators learn to take virus protection more seriously, hackers are beginning to exploit a new avenue of attack: active components. These are modules of code, such as ActiveX controls or Java applets, that are passed between computers or applications. They are routinely, and legitimately, used in thousands of applications.

The potential for malicious active components, or malware, to be distributed over the Internet has been well known for years, but they have been overshadowed by flashier and faster-spreading worms and viruses.

Impact Unknown

Many analysts believe the actual incidence of this type of attack is very small. Gartner research director Ray Wagner told NewsFactor that although "the potential for malicious activity is great," there is little evidence of attacks, especially against home computer users.

In the same vein, Ian Robinson, director of enterprise products at Zone Labs, a supplier of firewall products, said, "There hasn't been an outbreak of these kinds of threats." Robinson added that his company, whose latest software version includes active component detection, is a step ahead of what he calls the "next generation of threats."

But a dissenting opinion was presented in a recent report by Aberdeen Group, which found that many computers contain "Trojan horse" programs that their owners and users are unaware of. Some of those programs probably arrived by e-mail, while others were unknowingly downloaded from Web sites.

Malicious code installed on victims' hard drives, according to the report, may be used for "electronic reconnaissance, electronic probing, mail marketing, spamming, electronic theft, cybercrime, cyberterrorism, electronic identity theft, and financial loss."

Hidden Code

One reason why experts differ about the incidence of attacks is that malicious code delivered through active components does not always make its presence known. As Aberdeen research director Eric Hemmendinger told NewsFactor: "We can't say what percent are impacted, but most of those who are impacted don't know it. What you don't know will hurt you, and you won't necessarily know it has hurt you."

Although active components can be designed to cause obvious harm -- wiping out data , for example -- they also can be programmed to reside quietly on a computer, sending sensitive information back to the computer that originally generated them. They could be used for industrial espionage or identity theft without the victim ever becoming aware of the attack. (Of course, as with all hacking, the range of motivation for any attack ranges from challenge to mischief-making to larceny.) (continued...)

1  |  2  |  3  |  Next Page >