Types of threat
Before I start describing the various types of online threat, I think it is important to understand why these threats exist.
Traditionally, malware creation was restricted to a few technically gifted but “mischevious” individuals who wanted to have “fun” at the expense of others. From there it progressed to being the province of unethical advertisers who installed programs on their unwitting victims computers to pop-up advertisements for which the advertiser got a per-click revenue. From there things have moved on again.
Most modern malware is the creation of professional criminals who wish to make money from you.
There are a number of ways in which they can do this ….
- Theft – if you take part in online banking, or use your computer for buying things online, your banking and credit card account details can be stolen and used.
- Identity theft – as well as theft of your banking and credit details, any personal details on your computer can be used to allow someone to assume your identity, setting up accounts and making purchases in your name.
- Advertising revenue – click through payments are still a valuable source of income to the unethical, and many infections use pop-ups and search re-direction to maximise the attacker’s click through payments.
- Using your computer to distribute spam or porn – the free space on your hard drive is a valuable resource to the distributors of spam and porn, who are more than happy to use your computer as a host server for their wares.
- Selling your information and data to others – by making you part of a botnet, your attacker can sell you as an “assett” to other criminals, so that they can exploit your computer as well. There is an active market for botnets, which are sold or rented out by botherders to those who have “use” for one.
So what types of threats are there and how should you handle them ?
Below are some of the most common ways to pick up an infection ….
- P2P file sharing – by far the greatest number of people who visit this forum for help with an infection, are people who use P2P (peer to peer) file sharing programs. By using P2P you are massively increasing your chances of getting your computer infected.We always require people seeking help here to remove any P2P programs before we will help them, since by keeping them you are practically guaranteed to get infected again.The threats to your computer from P2P are 3 fold ….
- Many P2P programs come with spyware functionality pre-installed.
- You are downloading from unknown sources. Most malware writers specifically target P2P distribution, offering “free” or “cracked” goodies as bait to entice you to download their creations.
- Unless properly configured, users of P2P programs are usually giving access to a great deal more of their computer than they may realise. Most people do not configure the programs properly.
As you can see, even if you use one of the “clean” P2P programs, you are still at high risk of contracting an infection.
Further information:
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/identity_thieves_lurk_in_ptop_networks.html
- Infected e-mails – are one of the oldest ways of distributing malware, yet it’s amazing how many people still get infected by opening them.Quite simply, if you get an e-mail from someone you don’t know, then delete it. Don’t open it to see what they want, if you didn’t contact them, then there’s no good reason why they should want to contact you.Infected e-mails may however also come to you from someone you know. If someone you know has contracted a computer infection, then the first thing the infection will do is contact everyone in his or her address book and send them an e-mail containing a copy of the infection.These usually come in one of two ways.
- As an attachment. Never open e-mail attachments, no matter who they come from, until you have contacted the person who supposedly sent it, and confirmed with them that they have sent you an attachment.
- As an embedded html/javascript code. The safest setting is to have your e-mail client set to view incoming e-mails in text only, that way any malicious html code cannot execute. Of course this means you don’t have all the pretty formatting that html provides, but it does mean that you cannot be exploited by a hidden html/javascript code.
- Clicking on Pop-ups – it is surprising how many people get infected by the simple act of clicking OK on a pop-up Window. If you’re not 100% sure that the source of the pop-up is from a source that you trust, then do not click on it.Two of the favourite ways to entice you to click on the pop-up are ….
- The pop-up will resemble a “standard” Windows or Anti-Virus notification window and tell you your computer is infected and ask you to click to fix it. – Some of these pop-ups are an almost perfect facsimile of the genuine thing and are very believable.
- The pop-up will tell you that you need to download a special codec to view some particular media. Very few websites require anything other than the standard codecs supplied with Windows for you to view their contents. By clicking on one of these pop-ups, instead of downloading and installing a codec, it’s much more likely you’ll be downloading and installing malware.
Do not attempt to close the pop-up windows by clicking on the X in the top right corner of the window as usual, since this may also activate the malware installation. Instead hit Ctrl+F4 to close your browser. If this does not work you may need to shut down Windows to kill the pop-up window.
- Downloading Freebies – is another of the most popular ways to contract an infection. Whether using P2P (the most popular option) or using the more conventional download methods.If something seems too good to be true, it is. Malware writers love to bait the trap by offering “free” versions of popular pay for programs, videos, music etc. You may or may not get the products you’re hoping for, but they certainly won’t be free because they’ll almost certainly either be replaced with or accompanied by a package of malware.
- Phishing – is a relatively new method of exploiting people online, where the attacker tries to convince them to part with important information, such as site passwords, bank account details, or credit card details, by pretending to be some legitimate person or organisation.The initial approach is usually (but not always) by e-mail. The attacker will purport to be from your bank (or some such body) and will spin you some plausible story and asking you to confirm your account details. They will supply a link in the e-mail to what looks like a legitimate website, where you will be requested to enter your account and password and/or other personal information.The site is of course just a very clever copy of your actual bank’s website, and you have now given your attacker all the information he needs to empty your actual bank account, and/or to set up false bank and credit accounts using your name.Some of the cruder phishing scams are easily spotted by their unusual phraseology and poor English grammar. However many are very, very plausible. Just remember this ….
No bank, credit card company, financial institution or reputable business will EVER contact you in this way, asking for this kind of information.
- Bad or Infected Websites – some websites are just bad news (porn sites, warez sites, etc) and are set up to entice the unwary. Just visiting them, without even clicking on anything once you’re there, can be enough for you to contract an infection. The simplest way to avoid infection is to avoid visiting those type of sites.The more insidious problem is when a legitimate website is host to a “poisoned” link. Unless a website is properly secured and administered it is a relatively simple task for an unscrupulous person to hack the site and replace legitmate links with ones that perform an entirely different purpose. Clicking on such a link will either take you to a website you did not intend to visit, or cause you to install software you did not intend to install, sometimes both.The two attacks described above are known as “drive by” infections, and are one of the more difficult problems to avoid, since potentially any website could be compromised. One way round them is to disable scripting in your browser, but that can mean a great many legit web applications will fail to display when you browse the internet.Users of Firefox can install an extension called NoScript which enables script permissions to be “allowed” on a site by site basis. This can reduce (but not eliminate) your chances of contracting a drive by infection, since only the sites you have “allowed” can run scripts on your computer.
Ajaxian Website
Javed Khan 