Under Attack - A Quick Overview of Major Threats

[wenwilder]

I try to stay abreast of the latest news in malware and now-and-then I run across an article I believe would be helpful to others. Aston Fallen, the CEO of security software developer Steganos, wrote an informative article I believe should be shared. (submitted 10.17.06)

Full Article Below:


If your digitally stored information fell into the wrong hands, it could expose you to threats of identity theft, fraud or blackmail. While early malware (malicious software) caused inconvenience, annoyance and data loss, today’s malware is increasingly developed to steal your security credentials or take ownership of your computer. Don’t fret - here’s our guide to the most common threats and how you can defend yourself.

Viruses and worms
The computer virus is now over 20 years old, but it’s still causing havoc in its various incarnations. Viruses are programs that surreptitiously install themselves on computers and replicate by attaching themselves to other programs or files. In the 80s, they copied themselves from disk to disk. Now, they email themselves with alluring subject lines designed to persuade recipients to open the email and the attachment, exposing the user to the virus. Worms are like viruses except that they spread without needing a host file, sometimes by exploiting bugs in software to ensure they are executed.

Over the years, some viruses have had a destructive payload – wiping data – and others have just annoyed users with irritating messages. Now criminal gangs are exploiting them to take ownership of machines so they can be used for spamming, and to spy on computer owners and steal their financial information. For that reason, viruses are working harder to remain hidden. Today, the first symptom of an infection could be an empty bank account. To protect yourself, install antivirus software that prevents installation, scans all incoming and outgoing data and regularly scans your computer. Don’t open unsolicited attachments, even if they appear to come from someone you know. Persuade your friends to use antivirus software too: many of the threats that are still running wild have been preventable for years and can only spread because users don’t protect their computers.

Trojans
The wooden horse of Troy has inspired the naming of another class of threats. In the same way that the Trojans brought a wooden horse full of enemy fighters into their armored compound, victims of computer trojans will deliberately run a program they’ve downloaded or received. It might be legitimate software that’s been tampered with, or it might be a trivial application designed to hide its true purpose. Trojans will often open a backdoor on the computer so that all its data and resources can by used by a hacker. In other cases, trojans will be used to install mass mailing software so that exploited computers can be used to send spam. To protect yourself from trojans, only run software from trusted sources and scan your computer regularly with reputable internet security software.

Spam
Because email is cheap to send, it’s abused by shabby businesses trying to make a quick buck. Network management company Ipswitch estimates that 70% of all email received is spam, or unwanted advertising. Spam clogs up the internet, increasing the costs to ISPs and end customers of handling email. A good first defense is not to give out your email address, although this is imperfect because spammers often target addresses they make up in the hope of finding a new address. If you do give out your address, look for guarantees it won’t be used for advertising or shared with others first. By using a spam filter, you can screen out messages and make it easier to identify genuine messages from friends, family and organizations you do want to hear from. The filters can be configured to understand what you consider to be unwanted mail. Above all, never buy anything from or act on an unsolicited email. If spam wasn’t profitable, spammers would crawl back under their rock overnight.

Phishing
Phishing is a type of spam that attempts to con people into parting with their security credentials for a financial services or e-commerce website. Ipswitch says it’s the second most common type of spam, after mails punting medication. In a phishing attack, a bulk email is sent that claims to come from a major bank or business organization, usually asking people to log in to verify their accounts. The login links in the email go to a spoof website, set up to gather identities and passwords so they can be used to empty the real bank accounts or trade on the victim’s credit. A first line of defense is to use spam filters to weed out phishing emails where possible. To avoid being duped, do not follow links in emails purporting to come from financial organizations. Most banks will advise you to open a fresh browser session and type their URL into the address bar instead. Leading banks and Ebay provide a secure messaging area so you don’t have to use email.

Packet sniffers
Packet sniffers eavesdrop on data as it passes through a network, looking out for useful tidbits such as passwords and credit card numbers. One of the greatest risks now is at Wi-Fi hotspots, where people often use a hotspot without knowing who owns or operates it. The internet’s design, where data is bounced around between nodes until it reaches its destination, makes this threat impossible to eliminate. To protect yourself, use software that encrypts your connection to the internet, so that any data that is intercepted cannot be read by anybody in the middle of the network. If sending important data by email, encrypt the attachment and/or message first. Otherwise, don’t write anything on email that you wouldn’t want to see in tomorrow’s newspaper beside your photograph.

Port sniffers
Port sniffers look for computers connected to the internet that they can attack. To protect yourself, install a good firewall that filters all traffic going to and from the internet and blocks all unsolicited connection requests.

Maliciously coded websites
The web was designed to be a safe environment, with even the animation and programming plug-ins working in a sandbox without access to any data on the machine. But sometimes bugs are discovered in browsers that make computers vulnerable to maliciously coded websites. Sometimes these will exploit browser bugs to install spyware or to install a backdoor so that data can be stolen from a machine. To protect yourself, keep your browser software and any plug-ins up-to-date. Use a good firewall to manage all traffic going between your computer and the internet too.

Spyware
They say there’s no such thing as a free lunch, and online is no exception. Some free software programs are bundled with spyware, which monitors your activity - usually to direct advertising at you. It can clog up your computer as well as wasting your time by force feeding you adverts or diverting you away from websites you want to visit. To protect yourself from spyware, only install software from reputable sources and use antispyware software to prevent installation and to regularly scan for any spyware that slips through.

Shared computers
In cybercafés and libraries you need to keep an eye out for who’s looking over your shoulder and make sure that you don’t leave any of your accounts logged in. But that’s not the only place you might want privacy. If you share a PC at home, health information, finance data and even Christmas or birthday shopping bookmarks might be something you’d rather keep to yourself. By password protecting bookmarks and using a reliable tool to clean your browsing history, you can protect your privacy. And maybe keep a few gift surprises along the way!

Web surfer profiling
With only a handful of companies providing most of the adverts you see online, it’s possible for those companies to build up a picture of the range and the nature of the websites you visit. Indeed, Microsoft now sells packages where advertisers can target users by gender, age, and household income. Its categories of profiled users include expectant mums, parents and homebuyers. What if somebody in the office looks over your shoulder when you’re shown a job ad because an advertising network that’s been spying on you believes you’re job hunting? Using a proxy server, you can have all your data requests directed through a third party server and have your cookies filtered so that none of the companies you visit or are exposed to online can build up a profile of you.

Hardware loss
People often back up their data in case their computer or USB key is lost or stolen. But they tend to forget the privacy implications of their data being out in the wild. A survey by Steganos found that 64% of people would worry more about the privacy of their personal data than the cost of the hardware if their computer was stolen, but that only 12% use encryption to ensure their data is protected even if their computer falls into the wrong hands. Encryption software is now available off the shelf using the same high standard of encryption that the US government considers good enough to protect ‘Top Secret’ data. By encrypting your data, you can be sure that wherever it goes, it will remain private and can only be read by those who have been authorized by being given a copy of the password.

Residual data fragments
Just because you’ve wiped a file, doesn’t mean it’s no longer there. Data from files that have been deleted often remains in empty space on the disk and can be recovered using specialized tools. Surveys regularly find that second hand hard drives still have traces of the original owner’s financial data on them. To ensure that any data you want to dispose of is irrevocably wiped, use shredder software that overwrites it multiple times so that it cannot be recovered.

[Surendran]

This information is really a helpful one and i believe this should reach many people who still suffers with these kind of security threats caused by malwares and worms. It is necessary to highlight this thread in the index page as long as possible in such a way it reaches as many people as possible. Keep us posted wenwilder.

[Chris]

awesome post wen. thanks for all the useful information.

[Webnauts]

Excellent glossary Wen.

Thanks!

[mikesmith76]

Quote:

This information is really a helpful one and i believe this should reach many people who still suffers with these kind of security threats caused by malwares and worms. It is necessary to highlight this thread in the index page as long as possible in such a way it reaches as many people as possible. Keep us posted wenwilder.

I second this comment. It's a shame that most of the time these type of posts are only read by webmasters / security professionals - the very people who often already know (or have a good idea) how to avoid them.

Every day I get another phishing email from someone after my bank details / paypal details etc. These type of attacks are obviously still working - how do we get the message out to the average user to NEVER click on emaill links asking for personal information?

[kgun]

My remarks below in blue:

Quote:

Originally Posted by wenwilder

I try to stay abreast of the latest news in malware and now-and-then I run across an article I believe would be helpful to others. Aston Fallen, the CEO of security software developer Steganos, wrote an informative article I believe should be shared. (submitted 10.17.06)

Full Article Below:

My thought. How up to date is he, since he does not mention Pharming, that I wrote about a year ago on the front page of MultiFinanceIT under the heading "Security."

Today, the first symptom of an infection could be an empty bank account. To protect yourself, install antivirus software that prevents installation, scans all incoming and outgoing data and regularly scans your computer.

No, never use a bank account with more currency in it than you can afford to loose in the short run. Set a maximum limit that can be withdrawn. Even better, pay by using trusted credit cards. Then the responsibility is on the Card Company if you have followed the rules for that card. Learn those rules. Print them and have them in front of you on the wall.


Packet sniffers
Packet sniffers eavesdrop on data as it passes through a network, looking out for useful tidbits such as passwords and credit card numbers. One of the greatest risks now is at Wi-Fi hotspots, where people often use a hotspot without knowing who owns or operates it. The internet’s design, where data is bounced around between nodes until it reaches its destination, makes this threat impossible to eliminate. To protect yourself, use software that encrypts your connection to the internet, so that any data that is intercepted cannot be read by anybody in the middle of the network. If sending important data by email, encrypt the attachment and/or message first. Otherwise, don’t write anything on email that you wouldn’t want to see in tomorrow’s newspaper beside your photograph.

Encryption can be false security if there is a risk that the hacker know the decryption algorithm.

Port sniffers
Port sniffers look for computers connected to the internet that they can attack. To protect yourself, install a good firewall that filters all traffic going to and from the internet and blocks all unsolicited connection requests.

What is a good firewall?


Spyware
They say there’s no such thing as a free lunch, and online is no exception. Some free software programs are bundled with spyware, which monitors your activity - usually to direct advertising at you. It can clog up your computer as well as wasting your time by force feeding you adverts or diverting you away from websites you want to visit. To protect yourself from spyware, only install software from reputable sources and use antispyware software to prevent installation and to regularly scan for any spyware that slips through.

Yes, and a lot of the pages have high toolbarrank.

Hardware loss
People often back up their data in case their computer or USB key is lost or stolen. But they tend to forget the privacy implications of their data being out in the wild. A survey by Steganos found that 64% of people would worry more about the privacy of their personal data than the cost of the hardware if their computer was stolen, but that only 12% use encryption to ensure their data is protected even if their computer falls into the wrong hands. Encryption software is now available off the shelf using the same high standard of encryption that the US government considers good enough to protect ‘Top Secret’ data. By encrypting your data, you can be sure that wherever it goes, it will remain private and can only be read by those who have been authorized by being given a copy of the password.

Encryption can be false security. See remark above.

Residual data fragments
Just because you’ve wiped a file, doesn’t mean it’s no longer there. Data from files that have been deleted often remains in empty space on the disk and can be recovered using specialized tools. Surveys regularly find that second hand hard drives still have traces of the original owner’s financial data on them. To ensure that any data you want to dispose of is irrevocably wiped, use shredder software that overwrites it multiple times so that it cannot be recovered.


A Norwegian company are experts on restoring lost data. Some years ago, when I checked their soloutions, they could restore data even if it were overwritten multiple times. I do not know how competent they are today, but most probably more. They can even restore a harddisk after a fire.

Final advice. Log in as a user when you surf the web and do not store sensitive data on a computer connected to the internet.