Saturday, December 13, 2008

Viruses and Malwares

I have been posting articles which I come across to help you keep your computer free of viruses and malware.
Here is another article from "Business Line" which helps you to identify the different modes of attack.
I have found that the best method is not to open any mails from unknown sources and not to accept any invitation from anybody to join any group of a social network.
Now that Christmas and New Year are near, you will be getting many mails to open links to cards. Delete them immediately.
Radheshyam

Now, security attacks take the guise of topical news, events of social importance and major festivities.
R. Savitha


Pune, Dec. 12 Christmas shopping online has become increasingly popular, with a large number of people researching gift ideas before purchasing on the high street.
According to a recent report (source Google), 66 per cent of shoppers say they are more likely to shop online for Christmas presents this year, 77 per cent plan to carry out half or more of their Christmas shopping online and 86 per cent will research Christmas shopping on the Internet before buying in-store.
Talking to Business Line, Mr Manish Bansal, Marketing Manager, Websense Software Services India Pvt Ltd, said that last year, there were many incidents of simple phishing attacks, compelling people to divulge their personal information.

Now, security attacks not only exploit vulnerabilities in software that may or may not require user interaction but also take the guise of topical news, events of social importance and major festivities.
Websense has discovered two Trojan-dropping security attacks created around Christmas festivities.

Top 5 Attacks

Mr Manish said the first of the top 5 attack methods is the Drive-by, which infects users without their interaction or knowledge. Browsing an infected Christmas-themed Web site could allow code to be executed that exploits vulnerabilities in software installed on that machine, which could be anything from the browser itself to the operating system to third-party plug-ins.

The second is the Fancy Dress disguise, where the user is sent an e-mail containing an image usually linked to a theme. For example, it could be a mail showing a jolly Father Christmas, with malicious URLs that link to malware or exploit code and that, when clicked, can cause serious problems for the user.

The third is the Dancing Decoy, an e-mail lure containing a distraction for the user, such as a screensaver, picture or animation. For example, an e-mail showing snowflakes falling catches the user's eye while a backdoor Trojan is installing. The user is only aware of the image and has no knowledge of what is happening in the background. Watch out for fun-looking videos hosted on Web sites, which could unleash something which is not expected.

Anti-virus lure

The fourth is Not the Real Deal, which lures people to download, access or install a malicious Web site or application. When browsing on the Web, a redirect may occur that generates a pop-up explaining that the computer may be infected and asking whether to perform a free anti-virus scan, whose results then claim a viral presence on your machine. The aim is to encourage the user to download the fake anti-virus software. When activated, a Trojan is downloaded, allowing hackers control over the machine.

The fifth is Slipping Down the Chimney, a new Internet attack vector that could allow the bad guys to slip past anti-virus protection. The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines, and could potentially render desktop and gateway anti-virus products useless.

Benign code

Mr Manish said that malware authors write benign client code, which contains no actual malicious content, and embed it in a Web page. When a user visits the Web page, the JavaScript would request more code from other Web servers – a few bytes at a time.

This means the user's gateway anti-virus engine sees only a few seemingly innocuous bytes. Once received, the bytes are stored until all the information has been transferred; the client code then creates a script element and the exploit is triggered, which disables the machine.
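
An added example, not part of the Business Line article or of any Websense product: a small JavaScript model of why a scanner that checks each response on its own misses a signature split across fragments, while one that carries a per-session tail buffer across responses catches it. The signature string, the function and class names, and the assumption that fragments arrive in order within one identifiable session are all constructed for illustration.

```javascript
// Constructed, harmless stand-in for a byte pattern an engine would match on.
const SIGNATURES = ["EXAMPLE-MALICIOUS-MARKER"];

// Naive gateway model: each response body is scanned in isolation.
function scanPerResponse(fragments, signatures = SIGNATURES) {
  return fragments.some(body => signatures.some(sig => body.includes(sig)));
}

// Session-aware model: remembers the last (longest signature - 1) characters
// per session, so a pattern straddling response boundaries is still seen.
class SessionScanner {
  constructor(signatures = SIGNATURES) {
    this.signatures = signatures;
    this.keep = Math.max(...signatures.map(s => s.length)) - 1;
    this.tails = new Map(); // sessionId -> carried-over tail
  }
  // Feed one response body; returns the matched signature or null.
  feed(sessionId, body) {
    const win = (this.tails.get(sessionId) || "") + body;
    const hit = this.signatures.find(sig => win.includes(sig)) || null;
    this.tails.set(sessionId, this.keep > 0 ? win.slice(-this.keep) : "");
    return hit;
  }
}

// Helper to build constructed sample traffic: cut text into fixed-size pieces.
function splitIntoFragments(text, size) {
  const out = [];
  for (let i = 0; i < text.length; i += size) out.push(text.slice(i, i + size));
  return out;
}

// Returns the index of the fragment at which detection fires, or -1.
function scanSession(scanner, sessionId, fragments) {
  for (let i = 0; i < fragments.length; i++) {
    if (scanner.feed(sessionId, fragments[i]) !== null) return i;
  }
  return -1;
}

// Constructed sample: inert script text carrying the marker, sent 4 bytes at a time.
const SAMPLE = "var a=1;/*EXAMPLE-MALICIOUS-MARKER*/var b=2;";
const SAMPLE_FRAGMENTS = splitIntoFragments(SAMPLE, 4);
console.log("per-response scan hit:", scanPerResponse(SAMPLE_FRAGMENTS));
console.log("session scan fires at fragment:",
  scanSession(new SessionScanner(), "client-1", SAMPLE_FRAGMENTS));
```

The tail buffer only helps when the fragments pass through the scanner as plain text in delivery order; content that the client code decodes or reorders before assembling it has to be inspected where the script element is created, on the endpoint.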
