If this is your first time at this page, look for >> which will take you to the details.
ATTACK VECTORS?
Attack vectors are routes or methods used to get into computer systems, usually for nefarious purposes. They take advantage of known weak spots to gain entry. Many attack vectors take advantage of the human element in the system, because that's often the weakest link.

Don't confuse attack vectors with payloads. A virus is often the attack vector as well as carrying the payload. A worm is always the attack vector, and could carry a virus as the payload; more often it's some other form of malware. Trojan horses are always payloads, as are spyware, dialers, hijackers, etc.

Ordinary virus attacks have been declining. The bad news is that serious hostile software writers have moved on to more detrimental attacks, such as installing Trojan-horses and spyware. The number of these attacks has increased, and most of the attack vectors described below have been used to pull them off.
EMAIL as an ATTACK VECTOR
Email attacks continue to advance in sophistication. Miscreants are combining their tricks with the techniques of spammers to make their attacks more effective. Millions of messages can be sent out in the hope that a large number of people will be duped. This story about a fake Microsoft update is a good example.

Malicious attachments have been the primary attack vector for some time. They are being overtaken by Web page trickery (largely popups), but attachments are still a major threat. Attachments make a simple, effective attack vector. They're designed to install malicious code on your computer. The code could be a virus, Trojan-horse, spyware or any other kind of malware. Attachments attempt to install their payload as soon as you open them. Your internal defenses may protect you, but don't count on it.

Files that you download from questionable sources are also likely to contain malicious code. There are even ways to include malicious code in music files or pictures. Infected entertainment files spread mainly through file sharing networks and from dodgy Web sites.
Messages >>
Email messages themselves are also used as attack vectors, even though it's more common to use attachments. The hostile content is embedded in the email message itself. Another trick is to combine the two vectors, so that if the message doesn't get you, the attachment will.

Email provides a convenient delivery vehicle for deception. The target is the ignorance or credulity of the computer user. This kind of malicious email does not attack the computer itself; it attacks the user, who unwittingly initiates the attack.

The objective of deception can be either to initiate fraud directly, or to divert the user to a Web site where the actual attack takes place. It may ask you to reply with personal information. It may offer something too good to be true. As soon as you take the action, you've triggered the message's hidden agenda. The best way to avoid these problems is to delete bogus messages.

Email can be used to deliver hostile code directly, though. The message may be in HTML format, which means it's just like a Web page, and the results are the same as visiting a malicious Web site directly. Reading the message, or simply viewing it in a preview pane, will immediately activate any hidden malicious content. You can defeat this kind of email by setting up your email client (program) properly.
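The two email vectors above, attachments that fire when opened and HTML bodies that fire when merely viewed, can be caught before either happens. The following is an added example, not code from the original page: a small Python triage routine that walks a message's MIME parts, flags attachments whose final extension is executable or macro-capable, and flags HTML bodies that contain script, embedded objects, inline event handlers or remote loads. The sample message and the extension lists are constructed for this example and are not an authoritative list.

```python
"""Triage a raw email for the two vectors described above: attachments that
install a payload when opened, and HTML bodies that act like a Web page.
Added example, not the page's own code; the sample message is constructed
and the extension lists are this example's assumptions, not an authoritative list."""
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute directly when the file is opened (assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".wsf", ".hta"}
# Document formats that can carry macros.
MACRO_EXTS = {".doc", ".xls", ".docm", ".xlsm", ".pptm"}

# Things in an HTML body that run code or fetch remote content when the message is merely rendered.
ACTIVE_HTML = [
    (re.compile(r"<script\b", re.I), "script element"),
    (re.compile(r"<(object|embed|applet|iframe)\b", re.I), "embedded object or frame"),
    (re.compile(r"\bon\w+\s*=", re.I), "inline event handler"),
    (re.compile(r"""\bsrc\s*=\s*["']?https?://""", re.I), "remote resource (beacon or loader)"),
]


def classify_attachment(filename: str) -> str:
    """Look at the *last* extension, which is what the OS acts on ('Invoice.pdf.exe' is an .exe)."""
    exts = re.findall(r"\.[a-z0-9]+", filename.lower())
    if not exts:
        return "other"
    if exts[-1] in EXECUTABLE_EXTS:
        return "executable"
    if exts[-1] in MACRO_EXTS:
        return "macro-capable document"
    return "other"


def triage(raw: bytes) -> dict:
    """Walk every MIME part and collect what would fire on open (attachments) or on view (HTML)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"attachments": [], "html": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename or part.get_content_disposition() == "attachment":
            findings["attachments"].append((filename or "", classify_attachment(filename or "")))
        elif part.get_content_type() == "text/html":
            body = part.get_content()
            findings["html"].extend(label for pattern, label in ACTIVE_HTML if pattern.search(body))
    risky = any(kind != "other" for _, kind in findings["attachments"]) or bool(findings["html"])
    findings["verdict"] = "quarantine" if risky else "deliver"
    return findings


def build_sample_message() -> bytes:
    """Constructed sample combining both vectors: an HTML body with active content
    plus an executable disguised with a double extension."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative(
        '<html><body onload="go()"><p>Your invoice is attached.</p>'
        '<img src="http://tracker.example.invalid/p.gif">'
        '<script>go()</script></body></html>',
        subtype="html",
    )
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="Invoice.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

The point of checking the last extension is that a name like Invoice.pdf.exe is shown to the user as a PDF but is run by Windows as a program; the HTML patterns are what a mail client with scripting and remote content disabled would refuse to act on, which is the "set up your client properly" advice above made concrete.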
"Unsolicited commercial email" -- spam, in other words -- is almost always an entryway for scams, fraud, dirty tricks or malicious action. Any link that offers something *free* or tempting is suspect. Acting on a spam message usually leads to an unpleasant outcome. The stories on the bogus email page will help you learn what to look for.

Deception is aimed at the user/operator as the vulnerable entry point. It's not just malicious computer code that you need to watch out for. Fraud, scams, hoaxes and to some extent spam, not to mention viruses, worms and such, require the unwitting cooperation of the computer's operator to succeed.

Social engineering is the art of conning someone into doing something they shouldn't do, or revealing something that should be kept secret. Virus writers incorporate social engineering in spam to convince people to do stupid things, like opening attachments that carry viruses and worms. They also use it on the phone to get passwords or other sensitive information.
Scams and fraud >>
Email and Web sites are the enabling vectors, but deception is the primary attack vector here, since that's what makes scams and fraud work. Email and Web sites are often used in conjunction to perpetrate fraud. The Internet is a natural breeding ground for scam artists because it lends itself to anonymity.
Hoaxes >>
Hoaxes can damage email networks as much as real viruses, even though they don't attack computers directly. Ignorance and credulity are the attack vector here. It's people who replicate the malignant email that spreads and spreads. The exponentially growing number of messages can easily swamp an email system.
The term hacker was originally a term of respect for computer experts who knew all about computers, and could do *cool* things with them. Some hackers crossed over to the dark side, and these villains were more properly known as "crackers". The distinction isn't often made in the popular press, and it annoys some hackers, who like to think of themselves as talented whitehats.

Hackers can be a formidable attack vector because, unlike ordinary malicious code, people are flexible and they can improvise. Hackers use a variety of hacking tools, heuristics, and "social engineering" to gain access to computers and online accounts. Once they're in they may just vandalize, but more often they try to steal something, or install a Trojan-horse so they can commandeer the computer for their own use.

Has your computer ever been invaded by a guest user? It's easy to overlook that avenue of destruction. You can do some things to block this activity, but backup is the only real protection.
Web pages can be used as attack vectors too, particularly popup windows. They can be rigged to do a number of things -- virtually anything that a malicious email attachment can do. They take advantage of the power that modern browsers have to access several programming languages -- Java, JavaScript, ActiveX and Microsoft Word macros, for example. Your best defense is to stay away from risky websites -- gothic, warez, crackz, gamer, cheat code, tres equis sites and things of that ilk.

Counterfeit Web sites are used to extract personal information from people. Here, they are an enabling vector -- the actual attack vector is deception. Counterfeit websites look very much like the genuine websites they imitate. You think you're doing business with someone you trust. However, you're really giving your personal information, like your address, credit card number and expiration date, to a rip-off artist. They're often used in conjunction with spam, which gets people to visit the website in the first place.
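Because the deception lives in the link that gets you to the counterfeit site, the link itself is where a defender can look. The following is an added example, not code from the original page: a Python check that pairs each link's visible text with its real destination and flags the three usual tells of a counterfeit: text naming one site while the link goes to another, a trusted name buried inside a subdomain of some unrelated host, and a bare IP address in place of a name. The trusted-host list and the sample HTML are constructed for the example, and the last-two-labels domain rule is a deliberate approximation.

```python
"""Check the links in a message or page for the tell-tales of a counterfeit site.
Added example, not the page's own code; the trusted-host list and sample HTML are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Names the user is expected to trust (constructed for this example).
TRUSTED_HOSTS = {"examplebank.com", "shop.example.net"}
# Visible link text that looks like a domain name, with or without a scheme and path.
DOMAIN_IN_TEXT = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?$", re.I)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def registered_domain(host: str) -> str:
    """Last two labels; an approximation (real code would consult the public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Pair each <a href> with the text the user actually sees."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def assess_link(href: str, text: str) -> list:
    """Return the reasons a link looks deceptive (empty list means nothing suspicious)."""
    reasons = []
    host = (urlsplit(href).hostname or "").lower()
    shown = DOMAIN_IN_TEXT.match(text)
    if shown and registered_domain(shown.group(1)) != registered_domain(host):
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    for trusted in TRUSTED_HOSTS:
        # The real site is the host itself or one of its subdomains; anything else is borrowing the name.
        if trusted in host and host != trusted and not host.endswith("." + trusted):
            reasons.append(f"{trusted} appears inside unrelated host {host}")
    if IPV4.match(host):
        reasons.append("link points to a raw IP address")
    return reasons


def scan_html(html: str) -> list:
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text, assess_link(href, text)) for href, text in collector.links]


# Constructed sample: two deceptive links and one genuine one.
SAMPLE_HTML = """<p>Dear customer,</p>
<a href="http://examplebank.com.verify-account.example.org/login">www.examplebank.com</a>
<a href="http://203.0.113.9/update">Update your details</a>
<a href="https://shop.example.net/orders">shop.example.net</a>"""

if __name__ == "__main__":
    for href, text, reasons in scan_html(SAMPLE_HTML):
        print(text, "->", href, reasons or "ok")
```

Run against the sample, the first link is flagged twice (the shown name and the real host disagree, and the bank's name sits in front of someone else's domain), the second once for the bare IP address, and the genuine link not at all.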
Popup Web pages can install spyware, adware, hijackers, dialers, Trojans or other scumware. They can install software that takes control of your browser and steers you where they want you to go. They may even close your internet connection, and then make a very expensive phone call using your modem. All of these things are larcenous at heart.
Most worms are delivered as attachments, but there are new worms that attack other networking vulnerabilities. Windows' DCOM vulnerability is a prime example. Any kind of remote access service is likely to be vulnerable to this sort of worm. These worms propagate without the need for humans to open attachments.

Email worms (often called viruses) have been the attack vector of choice on the Internet. They're far more infectious than ordinary viruses because they do not rely on humans to actively pass them on. All they need the human to do is open the attachment. If an attachment carrying a worm is opened, it emails copies of itself to some or all of the people in any address book it finds. Meanwhile, like other viruses, these worms can do something destructive. More often, these email worms install spyware, Trojans or some other malware.
System worms take advantage of security holes in remote access services. These worms propagate without the need for humans to open attachments. The Windows DCOM vulnerability is a prime example. There's no "attachment" -- they are self-activated. When they find a vulnerable computer they go to work to replicate themselves.

Many of these system worms install Trojan-horses. First, they may disable any anti-Trojan software they find, and then install the Trojan, which is the primary payload. Next they begin scanning the Internet from the computer they've just infected, looking for other computers to infect. If the worm is successful it propagates rapidly. The worm owner soon has thousands of "zombie" computers to use for more mischief.

Anti-Trojan software is no protection at all against worms like this (because they disable it). You must stop these worms at some point before they're activated if you want to protect your computer. In most cases a firewall will block system worms, or you can disable the vulnerable service.
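A firewall that blocks the service port also leaves a record, and that record shows both halves of the behaviour described above: outsiders probing your machine's RPC port, and a freshly infected inside machine that has started scanning many addresses on that port. The following is an added example, not code from the original page: Python that reads constructed firewall log lines (a simplified W3C-style layout of date, time, action, protocol, source, destination, source port, destination port), counts the inbound probes that were dropped, and flags any source that reached a threshold of distinct destinations on port 135 within a short window. The threshold and the window are assumptions for the example.

```python
"""Spot a system worm from firewall logs: dropped inbound probes at the RPC port,
and an inside host that has begun scanning many addresses on that port.
Added example, not the page's own code. Log lines are constructed in a simplified
W3C-style layout (date time action proto src dst sport dport); threshold and window are assumptions."""
from collections import Counter, defaultdict
from datetime import datetime

RPC_PORT = 135          # the endpoint-mapper port the Windows DCOM flaw was reached over
SCAN_THRESHOLD = 5      # distinct destinations from one source inside the window (assumption)
WINDOW_SECONDS = 60     # sliding window length (assumption)

# Constructed sample: 192.168.1.20 sweeps seven outside hosts on 135 within three seconds,
# two outside hosts probe inside machines on 135 and are dropped, and one ordinary Web request.
LOG_LINES = """\
2003-08-12 10:00:01 ALLOW TCP 192.168.1.20 198.51.100.1 1025 135
2003-08-12 10:00:01 ALLOW TCP 192.168.1.20 198.51.100.2 1026 135
2003-08-12 10:00:01 ALLOW TCP 192.168.1.20 198.51.100.3 1027 135
2003-08-12 10:00:02 ALLOW TCP 192.168.1.20 198.51.100.4 1028 135
2003-08-12 10:00:02 ALLOW TCP 192.168.1.20 198.51.100.5 1029 135
2003-08-12 10:00:02 ALLOW TCP 192.168.1.20 198.51.100.6 1030 135
2003-08-12 10:00:03 ALLOW TCP 192.168.1.20 198.51.100.7 1031 135
2003-08-12 10:00:05 DROP TCP 203.0.113.77 192.168.1.20 4000 135
2003-08-12 10:00:07 DROP TCP 203.0.113.78 192.168.1.21 4001 135
2003-08-12 10:00:09 ALLOW TCP 192.168.1.21 192.168.1.1 1040 80
"""


def parse(line: str) -> dict:
    date, time, action, proto, src, dst, sport, dport = line.split()
    return {"ts": datetime.fromisoformat(f"{date} {time}"), "action": action,
            "proto": proto, "src": src, "dst": dst, "dport": int(dport)}


def blocked_probes(lines) -> dict:
    """Inbound connection attempts to the RPC port that the firewall dropped, counted per source."""
    probes = Counter()
    for rec in map(parse, filter(str.strip, lines)):
        if rec["action"] == "DROP" and rec["dport"] == RPC_PORT:
            probes[rec["src"]] += 1
    return dict(probes)


def find_scanners(lines) -> dict:
    """Sources that reached SCAN_THRESHOLD distinct RPC-port destinations within WINDOW_SECONDS,
    mapped to the largest distinct-destination count seen in any window."""
    by_src = defaultdict(list)
    for rec in map(parse, filter(str.strip, lines)):
        if rec["dport"] == RPC_PORT:          # allowed or dropped, an attempt is an attempt
            by_src[rec["src"]].append((rec["ts"], rec["dst"]))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()                 # destination -> number of attempts still inside the window
        start = 0
        for ts, dst in events:
            in_window[dst] += 1
            while (ts - events[start][0]).total_seconds() > WINDOW_SECONDS:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= SCAN_THRESHOLD:
                flagged[src] = max(flagged.get(src, 0), len(in_window))
    return flagged


if __name__ == "__main__":
    lines = LOG_LINES.splitlines()
    print("dropped probes:", blocked_probes(lines))
    print("scanning hosts:", find_scanners(lines))
```

The dropped-probe count is the firewall doing its job against worms coming in; the scanner list is the more important one, because an inside host sweeping port 135 is exactly what an already-infected machine looks like from the outside, and it is the signal to pull that machine off the network before it finds the next victim.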
Macros
Many documents -- those used by Word and Excel, for example -- allow macros. A macro does something like automate a spreadsheet. The problem is that macros can also be used for malicious purposes. They can attack your computer directly. Keeping your software patched, and running anti-virus programs, are the best defenses against macros. You can get malicious macros from anybody. All it takes is for them to have gotten one themselves.
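Since a macro only attacks once the document is opened, a defender wants to know whether a document carries any before anyone opens it. The following is an added example, not code from the original page: a Python check for the modern zip-based Word/Excel/PowerPoint formats, which keep their VBA in a vbaProject.bin part and declare a macroEnabled content type, plus recognition of the legacy binary container, which needs a dedicated OLE parser and is therefore reported rather than judged. The two sample documents are constructed, minimal containers holding only the parts the check looks at.

```python
"""Decide whether an Office attachment carries macros before anyone opens it.
Added example, not the page's own code; the sample documents are constructed,
minimal OOXML containers (real files have many more parts)."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # signature of the legacy binary .doc/.xls container
MACRO_ENABLED = b"macroEnabled"                   # appears in the content types of .docm/.xlsm/.pptm


def macro_status(data: bytes) -> str:
    """Return 'macros' or 'no-macros' for a zip-based Office file, 'legacy-binary' when an
    OLE parser would be needed to tell, and 'not-office' for anything else."""
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # OOXML keeps VBA in a vbaProject.bin part under word/, xl/ or ppt/.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macros"
            # The package manifest also says so through a macroEnabled content type.
            if "[Content_Types].xml" in names and MACRO_ENABLED in zf.read("[Content_Types].xml"):
                return "macros"
    except zipfile.BadZipFile:
        return "not-office"
    return "no-macros"


def build_sample_document(with_macros: bool) -> bytes:
    """Constructed minimal container with just the parts the check inspects."""
    if with_macros:
        main_type = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main_type = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    f'<Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)   # placeholder VBA stream
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print("with_macros =", flag, "->", macro_status(build_sample_document(flag)))
    print("legacy .doc ->", macro_status(OLE_MAGIC + b"\x00" * 8))
```

A mail gateway or download scanner can apply this as a gate: "macros" and "legacy-binary" get held for the anti-virus engine or a human, "no-macros" passes, which is the patching-plus-anti-virus advice above with one cheap pre-check in front of it.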
Instant messaging, IRC (Internet Relay Chat) and P2P file-sharing networks
These three Internet services rely on cozy connections between your computer and other computers on the Internet. If you use them, the special software you install makes your machine more vulnerable to hostile exploits. Several have already emerged, and they're bound to become more aggressive with time. Just as with email, the most important thing to be wary of is attachments and website links.
http://www.pcworld.com/news/article/0,aid,115837,00.asp
It's safer to just stay away from any of these services. However, you can defend your machine against these vectors. Antivirus, anti-Trojan and anti-malware software helps. Special blocking software has begun to appear.
http://reviews.cnet.com/4520-3513_7-5021265-1.html -- news
http://www.instantmessagingplanet.com/security/article.php/3086291 -- news
http://www.instantmessagingplanet.com/security/article.php/2208441 -- news
http://www.securityfocus.com/infocus/1657 -- overview
http://www.informationweek.com/story/IWK20010927S0021 -- AOL and MSN instant messaging
http://www.pcworld.com/news/article/0,aid,111941,00.asp -- IMsecure blocking software
Trojan-horses
Trojans hide themselves from the user, and provide a back door that enables remote control of the computer. The Trojan itself is just a payload that can come in on any attack vector, for example a hacker.

However, some Trojans are used as attack vectors themselves. For example, a hacker can use a computer that is infected by a Trojan to attack other computers. This lets the hacker hide their computer behind the infected computer.
Spyware, adware, dialers, hijackers and such
Like viruses, these agents are payloads, not attack vectors. They can be installed by foistware, attachments, email or Web pages, which are the actual attack vectors.
Foistware (sneakware)
Foistware is a new term for software that surreptitiously adds hidden components to your system on the sly. The term is used to differentiate the kind of sneak installation done by commercial software from classic Trojan horse installations, which are usually done with attachments, worms or hacker/crackers. Spyware is the most common form of foistware.

Foistware is quasi-legal, seductive software bundled with unwanted software. The bait is dangled to induce an "impulse install". This bait element of the bundle is the attack vector. The bait's job is to foist the malware on you. When you install the bait, the sneak software is also installed without your knowledge. The sneak software usually spies and/or hijacks your browser and diverts you to some "revenue opportunity" that the foister has going.
Viruses
Strictly speaking, viruses are not an attack vector in my view. They're malicious computer code. That makes them a payload. The main attack vector for viruses was originally infected floppy disks, but now the vectors include email attachments, downloaded files, worms and more.
Resources
"UK Security Online" has excellent coverage, both of the major Internet threats and of defenses. They take a network point of view, but most of the content applies to home systems as well. The writing is very clear and straightforward.