Internet Self-Defense: How DOES that stuff get on my computer?

It’s one of the most common questions I get: “How did that crud get on my computer?”

It’s a simple question with a not-so-simple answer. A few assumptions:

  • I’m not talking about High-Risk Targets, like a vice-presidential candidate. Or a billionaire. Or a government agency. Or a major multinational corporation that handles financial transactions. I’m looking at the average person or small business here.
  • I’m also looking at information from the past 1-2 years. I’m not going to predict the future (if I could I’d be predicting much more interesting things than malware trends) and I’m not interested in sharing floppy disks and other antiquities.
  • I’m also only looking at Windows XP, Vista and 7 machines. Anything older is unsupported now and it’s really time to upgrade.

Phrase of the Day: Threat Vector

The computer security business has a term “Threat Vector.” This is just a fancy way of saying, “how this crud got into my system.”

The most common threat vectors in home and small business use:

  1. Flash vulnerabilities.
  2. Java vulnerabilities.
  3. PDF exploits.
  4. Windows security holes.
  5. Downloading programs from shady sites or services.

Here’s how they work:

Flash, Java, and Windows Security Exploits

Nasty people create Flash or Java programs that bypass your computer’s security and allow full control of the computer. They often do this by passing program commands that the computer can’t handle properly, then manipulating the error-handling of your system.

Once that program is ready, they hack a popular website and upload the nasty file, or place a link to it.

When you go to the website the Flash or Java program tries to run. In some cases it will fail, or antivirus software will catch it. In many cases, though, it will run, AV scanners won’t stop it, and your system will be compromised. This process downloads the complete hidden toolkit so the bad guys can use your PC for scanning networks, sending spam e-mail, and other nasty tasks.

PDF Exploits

Adobe Reader has had lots of security flaws revealed over the past few years. To hit you with one of these, the bad guy creates a special PDF file that causes errors Adobe Reader does not process correctly. They then e-mail this as spam, link to it from a compromised website, or compromise your machine using another vector…access your e-mail contacts…and send them a copy of this file. So your friends and colleagues get an e-mail saying “here is the latest budget file” or “please review this document.”

Many antivirus programs do not catch these, and let’s face it: a PDF file coming from someone you know with a note like “Please review and let me know what you think” is a compelling way to get these files opened!

How do we prevent these?

  1. Keep your system updated. Run your Microsoft Updates. Go to http://www.java.com and hit “Free Java Download.” Follow the instructions. Go to http://www.adobe.com click “Get Adobe Flash” and follow the instructions. I recommend doing these on a weekly basis or signing up for one of our system management plans.
  2. Don’t open files you’re not expecting. Whether they’re PDF, DOC, DOCX, XLS, or XLSX … if you’re in doubt, ask the sender!
  3. Consider using a web content filter such as BlueCoat K-9 (for home), Sonicwall or Charland Technology’s web protection service for businesses.
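Step 1 above depends on knowing what versions of Java, Flash Player and Adobe Reader are actually installed, and whether Microsoft Update is really being run. The script below is an added example, not part of the original post or any product it mentions: it reads the standard Windows uninstall registry keys and the installed-hotfix list so you can compare each version against the vendor’s current release. It assumes Windows 7 with PowerShell, and the display-name patterns it matches on are my own choices.

```powershell
# Added example (not from the original post): inventory the plugin-type programs
# the post names (Java, Flash Player, Adobe Reader) plus the most recent Windows
# hotfix, so each can be checked against the vendor's current version.
# Assumes Windows 7 with PowerShell 2.0 or later; the name patterns are assumptions.

# Standard uninstall keys for 64-bit and 32-bit installs
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Display-name substrings for the products discussed in the post (constructed list)
$patterns = 'Java', 'Adobe Flash', 'Adobe Reader', 'Adobe Acrobat'

$installed = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object {
            $name = $_.DisplayName
            [bool]($patterns | Where-Object { $name -like "*$_*" })
        } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

Write-Host "Installed plugin-type software (compare each version with the vendor's current release):"
$installed | Sort-Object DisplayName -Unique | Format-Table -AutoSize

# The date of the newest installed hotfix is a rough sign of whether Microsoft Update runs.
# Some entries have no InstalledOn value, so those are skipped.
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn |
    Select-Object -Last 1

if ($lastHotfix) {
    $age = (Get-Date) - $lastHotfix.InstalledOn
    Write-Host ("Most recent Windows hotfix: {0}, installed {1:d} ({2} days ago)" -f `
        $lastHotfix.HotFixID, $lastHotfix.InstalledOn, [int]$age.TotalDays)
    if ($age.TotalDays -gt 30) {
        Write-Host "  -> more than a month old: run Microsoft Update."
    }
} else {
    Write-Host "No hotfix install dates found; check Windows Update history manually."
}
```

Run it from a PowerShell prompt (as an administrator if the 64-bit uninstall key is not readable) and compare the listed versions with what java.com and adobe.com currently offer; anything older is a candidate for the updates in step 1. The 30-day threshold is only a suggestion matching the post’s weekly-update advice with some slack.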

Next time, more thoughts regarding online banking protection.
