2 research outputs found

    Spammer and hacker, two old friends

    Spammers are always looking for new ways to bypass filters and spread spam content. Spammers have not only improved their spam methods but have also moved towards exploiting software security vulnerabilities in order to spread their spam content. They use weaknesses inside web applications to inject spam content into legitimate websites, redirect users to their own campaigns, misuse web users' resources, and hide their footprints. In this paper, we investigate security vulnerabilities that are exploited by spammers. We explain these security vulnerabilities, list their importance and provide a scenario of how spammers can exploit them. Additionally, we discuss two possible solutions to counter these problems: patching and secure software development. The result of our work highlights the importance of following security best practices in developing secure software, the lack of which would result in demotion of website popularity, blacklisting of the website and loss of users' trust.

    E-BUSINESS SAFETY

    The widespread presence and everyday use of the internet have greatly influenced the development of e-business. E-business, as known today, enables faster, more effective and cheaper operations, thus offering companies and other users numerous advantages. The distances between individual users represented a considerable obstacle for conventional business, as they slowed it down and increased costs. E-business removed this obstacle, as all that is needed for the exchange of information is an internet connection. Nevertheless, besides positive characteristics, e-business also has some negative ones. As the presence of e-business grows, so does the number of attacks and cybercrime. Malware that poses a threat to e-business includes Trojan horses, computer viruses and worms, back doors, phishing etc. Major weak points of e-business are trustworthiness and safety, as they cannot be fully ensured. E-business involves daily exchanges of important and often confidential data and information; therefore, their loss can have catastrophic consequences for a company. Bearing this in mind, all companies and other users try to establish and maintain adequate safety of data; however, it is being put at risk by an ever-growing number of attacks. The aspect of safety is even more important for companies, as they have a larger number of employees: the higher the number of users, the bigger the potential for mistakes, on which criminals prey. The attacks are being carried out continuously and are more and more common, as all that is needed for an attack on a computer is some computer knowledge and a bit of resourcefulness. Adequate protection measures need to be implemented in order to achieve the best possible protection from these attacks. In order to ensure the safety of data, companies and users use safety mechanisms that they install on their computers. Numerous safety mechanisms exist and their role is to prevent attacks and break-ins, thus safeguarding the safety of data. Safety mechanisms include digital certificates and signatures, cryptography, antivirus programmes, firewalls, honeypots etc. Protection measures need to be adapted to the needs and activity of the user. Companies need stronger protection than individual users, who use e-business for their own needs. Companies need to be aware of the risks and be prepared for attacks and break-ins. For this purpose, they need to constantly educate their employees and have a clearly defined safety policy. But it is the consistent implementation of this safety policy that is of utmost importance. All users need to regularly update their safety mechanisms and have the latest versions installed. They need to be aware of the vulnerability of passwords, choose them cautiously and change them regularly. In addition to safety mechanisms, companies also need to implement self-protection measures, thus improving the protection and safety of data. However, the safety of data in e-business is always at risk, as every year several million new malware variants are developed. Because new malware programmes are not known in advance, developing safety programmes constitutes a difficult task. Due to this situation, a combination of safety mechanisms needs to be used, so that the probability of discovering malicious code is as high as possible. Nowadays, the use of just one safety mechanism cannot ensure the optimal safety that the user wants. It is therefore advisable for companies to consult with specialists regarding this issue and collaborate on finding a combination of solutions that would offer them the best protection possible. Based on the annual report for 2012 by Panda Security, we established that the biggest threat was posed by Trojan horses. They are followed by worms, with viruses in third place. The number of infections for each category of malware was also the highest for Trojan horses. Despite increased activity in the field of malware, the number of infected computers worldwide decreased considerably in 2012 in comparison with 2011. In order to ensure the safety of e-