
Subscribe to
Computerworld
or
Other Security Stories
August 25, 2005 (IDG News Service) -- When the first extortion e-mail popped into Michael Alculumbre's in-box, he had no idea it was about to cost his business nearly $500,000.
The note arrived in early November of last year, as Alculumbre's London-based transaction processing company, Protx, was being hit by a nasty distributed denial-of-service (DDoS) attack. Zombie PCs from around the world were flooding, the company's Web site, Protx.com, and the transaction processing server that was the commercial heart of the business.
In the extortion e-mail's broken English, someone identifying himself as Tony Martino proposed a classic organized-crime protection scheme. "You should pay $10,000," Martino wrote. "When we receive money, we stop attack immediately." The e-mail even promised one year's protection from other attackers for the $10,000 fee.
"Many companies paid us, and use our protection right now," Martino's message said. "Think about how much money you lose, while your servers are down."
The attackers had one thing right: Online attacks can be expensive. A 2004 PricewaterhouseCoopers survey of more than 1,000 businesses in the U.K. found that companies spent an average of more than $17,000 on their worst security incident that year. For large companies, that amount was closer to $210,000, the study found. For companies of all sizes, most of the loss was due to the disruption in their ability to do business, with expenses for troubleshooting the incident and actual cash spent responding to it accounting for considerably less.
It's Expensive
Law enforcement authorities told Protx that it was the victim of Russian organized crime, Alculumbre says, but criminal extortion is not the only motivation for such attacks. In April, Australian antispyware vendor PC Tools Pty. became a target of spyware companies that didn't want users who were interested in PC Tools' spyware-cleansing software to reach the actual PC Tools Web site.
Customers whose PCs had already been infected by spyware were greeted with fake pop-up windows and shopping carts when they tried to purchase the company's Spyware Doctor product, said Simon Clausen, PC Tools' CEO. Instead of buying his company's antispyware software, they were tricked into purchasing useless products that left their computers infected, he said.
Even links that appeared to be from legitimate Web sites like Google or Download.com were modified on fake pages displayed to users, Clausen said.
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|



Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.New baits |

"Security Directions" virtual trade show2008's Code-Red Security Issues for Protecting the EnterpriseWebcasts, white papers, demos, and more. Presented in a unique 3-d environment. Enter our show right now! Click here to enter
|

In SecurityThere's plenty of talk about how to behave during a Customs search of your computer and gear, but Jon Espenschied's got tips for securing your data (and privacy) before you reach the border. Click here to read the latest column by Jon Espenschied |
![]() |
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the
network security landscape has changed dramatically. Today's IT professionals still have the
primary responsibility of protecting the confidentiality of corporate information, preventing
unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.Download this white paper
|
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.Download this white paper |
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.View this demo
|
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |
