How often have you had issues with your computer and called tech support, only to be told you have a virus or that spyware has been installed on your computer? Even people who are careful sometimes end up with malicious software on their computers. This is due, in part, to the nature of how a computer communicates.
There are 65,535 available ports, or points of entry, that can be accessed on a computer and many of them have to be open by default to perform normal Internet communications, such as Web surfing, sending e-mail, and using various programs. Hackers can exploit this to send self-installing malware to your computer through an open port. In addition, unscrupulous people called “social engineers” and “phishers” use various methods to extract information, such as passwords or personal information, from unaware users.
The bulk of this lesson covers malware – a general term for spam, spyware, viruses, and other malicious software. However, this first section covers some of the other, less-obvious security threats you might face while using today’s Internet-connected technology devices, such as notebook and desktop computers, PDAs (personal digital assistants) and smartphones.
Social Engineering
Social engineering – also called pretexting – plays on human behavior and how people interact with one another. It involves getting information under false pretenses. Here are some examples of social engineering scams:
- The scammer visits your office and claims to be from the IT department. He says he needs to fix your computer, and asks for your account name and password so he can log onto your account.
- The scammer plays on your sympathy, pretending to be a new employee who has forgotten the code to get into the secure part of the building, and says he’ll get fired unless you help him out by sharing the code.
- The scammer calls, pretending to be one of the “big bosses” in the company, and tries to intimidate you into giving information.
To protect yourself, never feel that you have to give out sensitive information to someone you don’t know. If someone asks you for these types of information, there are several pieces of information that you should be gathering instead:
- Ask for the correct spelling of the person’s name.
- Ask for her employee number.
- Ask him to tell you your account number.
- Ask her which transactions have been processed and you’ll either verify or deny the transaction.
- Who does the person claim he or she is representing?
If the caller is not legitimate, asking these questions will usually let you know. Remember that social engineering plays on human behavior and willingness to help and trust others. To protect your confidential information, you must not be so willing and trusting.
Phishing
When this type of information gathering is done via e-mail, it’s called phishing, because basically the person is fishing for information.
Here’s how it works: You receive an e-mail that appears to be from your bank stating that the bank is having some trouble processing some automatic payments. The e-mail explains that to clear up the problem, you need to click the provided link and log in to the Web site using your user name and password. If you do, you’re directed to a fake Web site where your information is captured.
You can often spot these scams by hovering your mouse pointer over the URL (uniform resource locator) in the e-mail message. Usually, the link that appears in a pop-up tooltip is different from the diplayed link. For example, the displayed link shows www.xyzbank.com; however, when you hover your mouse pointer over it, something similar to www.badguy.ru/xyzbank appears in a tooltip. Many of these sites are on foreign servers, as indicated by .ru (for Russia) as the top level domain.
The fake Web site, which looks exactly like your bank’s real Web site, has been set up for the sole purpose of stealing personal information. Unsuspecting people are often fooled into entering credit card numbers, bank account numbers, passwords, and other details. Approximately 5 percent of e-mail recipients respond to phishing messages, but that’s enough to make it worthwhile for the phishers because they may be able to clean out those people’s bank accounts or run up credit card bills for thousands of dollars.
You should never respond to an e-mail asking you to verify any kind of personal information. Reputable companies don’t ask their customers for passwords or account details in an e-mail or phone call. Even if you think the e-mail or phone call may be legitimate, don’t respond. Instead, contact the company by phone or by visiting their Web site directly. (The one you have bookmarked; not the one sent to you via e-mail.)
Identity Theft
Identity theft occurs when someone gains access to some or all of your personal information — name, address, Social Security number, driver’s license number, birth date, and bank or credit card account numbers — and uses them without your permission. A thief can clean out your account, or run up a balance, within hours without you being aware of it until well after the crime’s been committed.
Identity theft is a serious crime that’s punishable by law in most states. However, it’s up to you to minimize the threat of identity theft by keeping your confidential information private. If you believe you’re a victim of identity theft, contact your bank or credit card company and local law enforcement office immediately to report the crime. You can also get further assistance from your state’s identity theft Web site. Just go online and search for identity theft your state to find the appropriate Web site and phone numbers.
Identity theft can also occur when a thief steals a device that contains personal information. Notebook computers are easily stolen or lost, along with whatever data is stored on them. You can — and should — use file encryption to protect sensitive data stored on a notebook computer. New technologies, such as the BitLocker feature in some editions of Windows Vista, can encrypt the entire drive. You can also buy software that causes your stolen notebook to “phone home” if the thief gets on the Internet without entering the correct passwords.
Today, in addition to a cell phone, many people carry a PDA or full fledged handheld computer. A personal organizer often contains a large amount of important personal information — and not only your own, but also that of other people in your address book.
Minimally, you should require a password to even access the handheld device or PDA. Every device is different, so be sure to read your owner’s manual to find out how to password protect yours. For better security, some devices now come with biometric security, so you must swipe your fingerprint to start the device.
Just like junk mail clogs your regular mailbox, spam clogs your e-mail inbox. Spam is a term that refers to the sending of unsolicited commercial e-mail. Most spam is commercial advertising, often for products such as get-rich-quick schemes, physical enhancements, adult Web sites, and cheap medications. Spam costs the sender very little to send because the actual costs are paid for by the carriers rather than by the sender.
E-mail spam targets individual users with direct e-mail messages. Spammers create their e-mail lists by scanning newsgroup postings, stealing Internet mailing lists, or searching Web sites for e-mail addresses. Spammers use automated tools to subscribe to as many mailing lists as possible so they can capture the lists of addresses, or use the mailing list as a direct target for their attacks.
Spyware is computer software that collects personal information about a computer user without the user’s informed consent. Spyware is often installed through “drive-by downloads” from malicious Web pages running code or along with another legitimate program you intended to install.
Spyware may also be advertising-supported software, called adware. Adware enables advertisers to make money from a product without directly selling it to the users. The companies also install additional tracking software on your computer, which continuously keeps in contact with the company over your Internet connection. It reports data to the company, such as your surfing habits and which Web sites you’ve visited.
Although adware companies state there will be no sensitive or identifying data collected from your computer, the fact remains that you have software on your PC that’s sending information about you and your surfing habits to a remote location.
Adware is not an illegal type of software; however, there are certain privacy issues involved. Legitimate adware companies disclose the nature of data that’s collected and transmitted, but there’s almost always no way for the user to actually control which data is being sent. Plus, this technology is capable of sending more than just banner statistics.
Another type of spyware is surveillance software that’s designed to collect much more than just information about what Web sites you visit. Keystroke loggers, screen capture programs, chat loggers, and similar programs can enable someone else to see every character you’ve typed or what has appeared on your monitor. This type of spyware is used for genuine spying purposes — by suspicious spouses, worried parents, private detectives, and even government agencies (with a warrant). Although these tools are perfectly legal in most instances, if they’re abused, they can violate your privacy. So what can you do about spyware?
How do I know if my computer has a spyware
Here are some indications your computer may contain spyware:
- The computer is slower than it used to be, especially when browsing the Internet.
- It takes a long time for the Microsoft Windows desktop to come up.
- Clicking a link does nothing or goes to a different Web site than expected.
- Your browser home page changes and you may not be able to reset it.
- Web pages are automatically added to your Favorites list.
One of the earliest known forms of malicious code is the computer virus. The name virus comes from the behavior of the code and its similarities to biological viruses in the way it reproduces itself and spreads to new hosts. A virus is a program or piece of code that’s loaded on to your computer without your knowledge. It’s designed to attach itself to other code and replicate when an infected file is executed or launched. At this point, it attaches to other files, adding its code to the application’s code and continues to spread.
Types of viruses that exist include:
- Boot sector: Places a virus into the first section of the hard disk, so when the computer boots up, the virus loads into memory. The boot sector is also called the master boot record or master boot sector.
- Program virus: Infects executable program files, such as .exe, .com, .sys, and so on.
- Multipartite: Is a hybrid virus that uses multiple techniques; for example, combination boot and program virus.
- Polymorphic: Has the ability to change form each time it’s executed; hackers developed it to avoid antivirus software detection.
- Macro: Is inserted into a Microsoft Office document and e-mailed to unsuspecting users.
A virus doesn’t execute by itself — it has to be triggered by some type of action, such as clicking a link or opening a file. However, since 2000, the majority of viruses released are actually worms, which do replicate without user action.
A virus hoax uses system resources and consumes users’ time. Virus hoaxes are false reports about non-existent viruses, usually sent as e-mail. Some hoaxes are more dangerous; they advise you to delete files on your computer to “clean out the virus,” but these are actually important system files that the computer needs to run. You should always check the validity of these types of e-mails before you take action, or worse, forward the e-mail, which just helps propagate the hoax.
The following companies and organizations list virus hoaxes on their Web sites and steps to protect you against them:
- Symantec
- McAfee Security
- Sophos
- Urban Legends Reference Pages at Snopes.com
There have been a number of viruses distributed through e-mails purporting to be from Microsoft or other vendors. As a general rule, Microsoft and other reputable vendors don’t distribute antivirus software updates or patches via e-mail. (They do, however, send alerts and update notifications via e-mail, if you sign up for them at their Web sites.) If there’s any doubt as to whether something is real, check the Web site of the company in question by opening your Web browser and entering the company’s URL directly or use your bookmarked address. Never click a link or open an attachment in a questionable e-mail.
Trojan
A Trojan horse appears to be useful software, such as a screen saver, utility, or game but there’s code hidden inside that attacks your computer directly or enables the system to be compromised by the originator of the code. File sharing, including music, video, and text, is a common transport mechanism. Trojan horses are often distributed over P2P (peer-to-peer) networks.
Antivirus software is designed to detect Trojan horse software programs; therefore, the steps to protect a computer from Trojan horse programs are the same as protecting your computer from virus code, which is discussed in Lesson 2.
Worms
Worms are similar in function and behavior to a general virus or a Trojan horse with the exception that worms are self-replicating without any user interaction. A worm is built to take advantage of a security hole in an existing application or operating system, find other computers running the same software, and automatically replicate itself to the new host. After the worm is running on a computer, it checks for network or Internet connectivity. If a connection exists, the worm then tries to replicate from one system to the next. There are many variants to each type of worm. Often, they’re quite difficult to remove, so antivirus companies have downloadable tools available to remove them.
Rootkits
A rootkit is a type of malware that hides the tracks of intruders and can be incorporated with other malicious code to take complete control of a system. Rootkits keep virus scanners and other detection software from finding them and their related hacker tools. Rootkits generally don’t propagate themselves to systems like viruses and worms, but worms can install rootkits.
Buffer oveflow
A buffer overflow occurs when data is sent to a computer’s memory buffer beyond a fixed length boundary, causing it to overwrite data in adjacent memory locations. Many times, a buffer overflow is the result of a vulnerability or program flaw in software.
Criminal hackers take advantage of these known vulnerabilities or flaws by launching buffer overflow attacks. Buffer overflows are probably the most common way to cause disruption of service and lost data because there’s no way to screen bad requests.
Spoofing
Spoofing refers to a program or person pretending to be another by sending false information. Spoofing is one of the most common forms of online concealment. Spoofing makes data appear to come from somewhere other than where it really originated. This is accomplished by modifying the e-mail address, IP headers or other source of information about the origins of the data.
Hackers often use this type of attack to get additional information from users to carry out a more aggressive plan. Spoofing and phishing often go hand in hand.
Botnet and their zombies
A bot (short for robot) is a software application that performs automated tasks. Hackers use bots to carry out automated attacks on networks. A botnet is a collection of bots that run autonomously. The goal of many computer hackers is to take over as many systems as possible to help them achieve their goals.
They assemble botnets of individual compromised computers (known as “zombies”) that they control remotely, often by using an IRC (Internet Relay Chat) or IM (instant messaging) server. In addition to obeying whatever commands the hacker issues, the zombies also prowl the Internet looking for additional hosts to infect. After many computers have been infected, the person controlling the malware uses this covert network of computers — including yours — as zombies to launch DDoS (distributed denial of service) attacks against Internet servers. A DDoS attack can quickly shut down a server.
