PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Gangland Web Attacks

Robert Lemos
 & Robert Lemos

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

You Can Trust Our Reviews

Since 1982, PCMag has tested and rated thousands of products to help you make better buying decisions. Read our editorial mission & see how we test.

Deeper Dive: Our Top Tested Picks

Related:
Wikipedia Editors Could Strike Following LayoffsBlue Origin’s New Glenn Rocket Explodes Spectacularly During Ground TestGoogle Engineer Charged for Using Insider Info to Win $1.2M on Polymarket BetsThe Best and Worst North American ISPs for Work, Ranked by IT ProsIs Your Gmail Maxed Out? How to Clear Your Google Drive Storage Right Now

    Buying Guide: Gangland Web Attacks

    The increasingly frequent attacks in cyberspace make the Web look a lot like the mob-infested cities of the 1920s. Through spam, phishing attacks, and merchant fraud, online criminals are making a lot of money on the Internet, and they don't take kindly to anyone messing with their businesses.

    A particularly potent example of this came in May, when spammers targeted the Israeli antispam firm Blue Security for retaliation. Blue Security had created a small program called Blue Frog to turn a spam flood back on the advertiser, thus raising the cost of sending spam. The program would send a single opt-out request to the advertisers' Web sites for every registered user who received a spam message. Blue Security had about 500,000 subscribers to its service, so if a spam flood hit 20 percent of those users, then 100,000 opt-out requests would hit the advertisers who requested that the spam be sent.

    In revenge, one of the spammers—reportedly the one called PharmaMaster—attacked Blue Security and all Internet services associated with it for more than two weeks. The attack was so crippling that Blue Security was forced to close its doors.

    Criminals seeking profits on the Internet are perhaps the greatest security threat facing businesses. Online fraudsters gauge their power by the number of compromised computers, or bots, they can control through a central command network, known as a botnet. A discriminating online criminal no ­longer bothers with home PCs, because attack­ing them yields a small number of bots, and because a home PC typically operates with a low bandwidth. A company Web server, on the other hand, is an attractive target because it controls multiple systems with lots of bandwidth.

    An individual system that's been compromised allows the controller to grab personal data, send spam, or attack other networks. But a botnet consisting mainly of Web servers can wield such massive attacks on company bandwidth that it is much harder to shut down, sending nearly unstoppable floods of data at a target. (At times, Blue Security faced nearly 10 gigabits per second of data.)

    The duality of online servers—as both potential victims of and beachheads against Web attacks—should double the incentive for businesses and home users to lock down their systems.

    More people are putting up sites to collaborate or publish photos and blogs. Yet using software that has not had its code adequately audited for security problems is a sure way to become an unwilling draftee in some cybercriminal's botnet army.

    Small businesses should always ask hard questions about a Web product's security, such as how often the code is audited. Your IT should keep up to date with patches and security upgrades for all its Web software. For businesses, a regular security scan (such as ScanSafe or Acunetix) can provide peace of mind. And using a Web-application firewall can further harden servers against attacks.

    Being on the Web is a must for businesses today, but installing and forgetting about your Web software is no longer an option. Just as many businesses require security cameras, a Web site needs occasional attention to make sure that its users stay safe.

    Recommended by Our Editors

    Wikipedia Editors Could Strike Following Layoffs
    Wikipedia Editors Could Strike Following Layoffs
    Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
    Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
    Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets
    Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets

    Rob Lemos is a freelance technology journalist and the editor-at-large for Security Focus.

    Locking Down Code

    Open-source projects offer a wide variety of Web software to run your business or host your hobby. A few steps can help you lessen the chances of a security breach.

    1. Research the security history of the product Check the project to make sure it's actively maintained, browse forums to find posts on security issues, and make sure the developers have a transparent security process.

    2. Regularly update your software Flaws happen. When they do, update your site's software as quickly as possible.

    3. Consider a vulnerability scanning service If your users are giving you valuable information, a scanning service can flag the most important issues to be fixed.

    4. Use an application firewall Many flaws go undetected until an attacker uses them. An application firewall can flag odd behavior that may indicate a breach.

    Keep Yourself Safe!
    Subscribe to our Security Watch newsletter and get up-to-date info on the latest threats delivered to your inbox automatically: go.pcmag.com/securitywatchletter

    About Our Expert

    Read the latest from Robert Lemos

    Read full bio