"Vector" refers to the method of attack -- the attacker's choice of weapon. Email attachments are a prime example. It's often easy to get them in "under the radar." Think of them as "attack gateways".
In this case, the human element is the end target. Many users are the weakest link in their own PC systems. They just can't resist opening attachments. Attack by attachment is based on that convenient fact.
Don't confuse attack vectors with payloads. Worms, for example, always count on some vector to let them in. It's not just a game though. They usually carry spyware, a virus, or a Trojan as their payload. "Worm" alludes to how they replicate. Worms wiggle into a computer, replicate and crawl out over a network (local net or internet) to infect other computers. Trojan horses, spyware, dialers, hijackers, etc., are the kind of payloads worms can deliver. All attacks combine a payload with a vector.
Ordinary virus attacks have been declining. The bad news is that hostile software writers have moved on to more damaging attacks, such as installing Trojan-horses and spyware. The number of attacks has increased dramatically. The attack vectors described below are how most of them are launched.
Email messages themselves have become vectors, even though attack via attachment is still more common. The hostile content is either embedded in the message, or linked to by the message. Sometimes attacks combine the two vectors, so that if the message doesn't get you, the attachment will.
Email provides a convenient delivery vehicle for deception. The weak spot is the ignorance or credulity of the computer user, not the computer itself. This story about a fake Microsoft update is a simple example of attack by email.
Email attacks continue to advance in sophistication. Criminals are combining their tricks with the techniques of spammers to make these attacks more effective. Millions of messages can be sent out in the hope that a large number of people will be duped. Spam is almost always a carrier for scams, fraud, dirty tricks or malicious action of some kind. Any link that offers something *free* or tempting is suspect. Acting on a spam message usually leads to an outcome that is disappointing if not downright unpleasant.
Malicious attachments are the most powerful way to attack a PC. They're a simple way to deliver a highly effective payload. They are being overtaken by Web page trickery, but attachments are still a major threat.
Malicious attachments install malicious computer code. The code could be a virus, Trojan-horse, spyware or any other kind of malware. Attachments attempt to install their payload as soon as you open them. Your internal defenses may protect you, but don't count on it.
Social engineering is the art of conning someone into doing something they wouldn't ordinarily do, for example, reveal a valuable secret. Virus writers incorporate social engineering in spam to convince people to do careless things, like opening attachments that carry viruses and worms. They also use it on the phone to get passwords or other sensitive information.
Hoaxes are another form of deception that is often an attack vector too. Ignorance and credulity are the attack target. Hoaxes can result in an exponentially growing number of messages that can easily swamp an email system. Other hoaxes trick people into damaging their own PC by deleting files.
Originally, hacker was a term of respect for experts who could do *cool* things with computers. Some hackers crossed over to the dark side. These villains are more properly known as "crackers". The distinction isn't often made in the popular press. That annoys hackers, who like to think of themselves as whitehats.
Hackers are a formidable attack vector because, unlike ordinary malicious code, people are flexible and they can improvise. Hackers use a variety of hacking tools, heuristics, and "social engineering" to gain access to computers and online accounts. They often install a Trojan-horse so they can commandeer the computer for their own use.
Has your computer ever been invaded by a guest user? It's easy to overlook that avenue of destruction. You can do some things to block this activity, but backup is the only real protection.
Counterfeit Web sites are used to extract personal information from people. They are an enabling vector -- the actual attack vector is deception. Counterfeit websites look very much like the genuine websites they imitate. You think you're doing business with someone you trust. However, you're really giving your personal information, like your address, credit card number and expiration date, to a rip-off artist. They're often used in conjunction with spam, which gets you there in the first place.
Popup Web pages can install spyware, adware, hijackers, dialers or Trojans or other scumware. They may even close your internet connection, and then make a very expensive phone call using your modem. All of these things are larcenous at heart.
Many worms are delivered as attachments, but network worms use holes in network protocols directly. Windows' DCOM vulnerability is a prime example. Any remote access service, like file sharing, is likely to be vulnerable to this sort of worm. These worms propagate without relying on victims to open attachments. In most cases a firewall will block system worms, or you can disable the vulnerable service.
Many of these system worms install Trojan-horses. Some can disable ordinary anti-malware software, and then install the Trojan, which is the worm's payload. Next they begin scanning the Internet from the computer they've just infected, looking for other computers to infect. If the worm is successful it propagates rapidly. The worm owner soon has thousands of "zombie" computers to use for more mischief.
Many documents -- those used by Word and Excel, for example -- allow macros. A macro does something like automate a spreadsheet. The problem is that macros can also be used for malicious purposes. They can attack your computer directly. Keeping your software patched and running anti-virus programs are the best ways to deflect macros. You can get a malicious macro from anybody. If they've picked one up, their documents will contain a copy of the macro.
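The attachment and macro vectors described above can be screened before anyone opens a file. The following is an added example, not part of the original article: it walks the attachments of a constructed sample message and flags executable extensions and Office Open XML documents that carry a VBA project. The function names, the extension list and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js"}

def has_vba_macros(data: bytes) -> bool:
    """True if an Office Open XML file (a ZIP archive) contains a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage_attachments(raw_message: bytes) -> dict:
    """Map each attachment filename to the list of reasons it looks risky."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = []
        if any(name.lower().endswith(ext) for ext in EXECUTABLE_EXTS):
            reasons.append("executable extension")
        if has_vba_macros(data):
            reasons.append("contains VBA macros")
        findings[name] = reasons
    return findings

def build_sample_message() -> bytes:
    """Constructed sample: a macro-bearing workbook, an executable, a text file."""
    workbook = io.BytesIO()
    with zipfile.ZipFile(workbook, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg["Subject"] = "Quarterly figures"
    msg.set_content("See attached.")
    msg.add_attachment(workbook.getvalue(), maintype="application",
                       subtype="octet-stream", filename="figures.xlsm")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="update.exe")
    msg.add_attachment("hello\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in triage_attachments(build_sample_message()).items():
        print(name, "->", reasons or ["no flags"])
```

The macro check inspects file content rather than the filename, so a renamed document is still flagged. It covers only the ZIP-based Office formats; older binary .doc and .xls files store macros differently and need a separate parser.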
These three Internet services rely on cozy connections between your computer and other computers on the Internet. If you use them, the special peer-to-peer software that you install makes your machine more vulnerable to hostile exploits. Just as with email, the most important thing to be wary of is attachments and website links.
It's safer to just stay away from any of these services. However, you can defend your machine against these vectors. Antivirus, anti-Trojan and anti-malware software helps. Special blocking software has begun to appear, like IMsecure from Zone Labs.
Foistware is software that adds hidden components to your system on the sly. Spyware is the most common form of foistware.
Foistware is quasi-legal software bundled with some attractive software or other bait. The stealth process is installed without your knowledge. Sneak software often hijacks your browser and diverts you to some "revenue opportunity" that the foister has set up.
Strictly speaking, viruses are not an attack vector in my view. They're malicious computer code that hitches a ride. That makes them the payload. The original virus vector was floppy disks that carried infected files. Now, virus vectors include email attachments, downloaded files, worms and more.
"UK Security Online" has excellent coverage, both of the major Internet threats and of defenses. They take a network point of view, but most of the content applies to home systems as well. The writing is very clear and straightforward.