A few years ago I delivered a very popular presentation I called "Anatomy of a Hack." Well, actually, I called it "How to Get Your Network Hacked in 10 Easy Steps" but the marketing department at my previous employer thought that title was a bit, edgy, so they renamed it. The Chinese called it "Anatomy of a Hacker" at TechEd China in 2005, but that's another story altogether. The presentation, which is actually documented in Protect Your Windows Network, had me wandering through an entire network once I got a foothold on one computer.
For the past couple of years I've been telling people that the future of attacks are against people, not networks. In June I got further confirmation of that. A notification came in from my blog that I had a new comment to approve. The comment was just a link, looking like this one:
A Comment has been posted to Jesper's Blog: Hey, Mozilla: Quotes Are Not Legal in a URL by Google Images:
images.google-us.info/index.html Google Images
This looked suspicious enough so I started investigating a bit. What I found just hit the net on The Register. I thought it made an interesting tale of how the bad guys are trying to monetize their handiwork. Sandi has also written about this on her blog here, and here, and here…
On a very much related note, I will actually do a live walkthrough of this type of attack at TechEd EMEA ITPro in Barcelona this coming November. Yes, that's right, I'm going back to TechEd. Hope to see you there!