
Self-protection from malware - part II

Introduction

In the previous article in this series about self-protection, we discussed examples of attempts to trick you into exposing yourself to malicious software. Infected web sites are currently the most widely used technique for propagating malware. By increasing your own awareness of the techniques the cyber criminals use, you can avoid this exposure.

Infected web sites

There are two different types of infected web sites/pages:

  1. Those where the person with malicious intent has set up the web server herself and controls it. This type is normally the easiest to spot, even though some are quite clever and may replicate legitimate sites in look and feel, and have an address similar to the legitimate site. www.nicefeaturessite.com and www.nicefeatureesite.com look quite similar, but careful proof-reading will show that an ‘s’ in the former has been substituted by an ‘e’ in the latter.
     
  2. Legitimate sites that have malicious elements. This may be because the site has been compromised and malicious elements have been inserted, or because the administrator of the legitimate web site has been tricked into adding, for example, a malicious advertisement or another type of banner.

Recent studies indicate that the majority of malicious web sites are by far of type 2 above. Some studies put the share at more than 90%.

A full examination of the different techniques used for inserting malicious elements on a web site is beyond the scope of this article. An Internet search will reveal lots of interesting information if you want more in-depth details. Suffice it to say in this context that some techniques used are:

  • Cross Site Scripting (XSS),
  • PDF files that exploit vulnerabilities in the programs that open this file format,
  • Malicious scripts (JavaScript or Active Scripting such as VBScript/JScript),
  • Malicious Flash elements that exploit vulnerabilities in the Flash player,
  • Invisible IFRAMEs that load malicious web elements.
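
As an added illustration (not code from the original article), the following Python scanner looks for the plainest forms of the last three items above in a saved copy of a page's HTML: IFRAMEs sized or styled to be invisible, script includes pulled from a host other than the site's own, and inline scripts that hand a long percent-encoded string to document.write, unescape or eval. The sample page, the attacker.example and partner.example hosts and the trusted host name are constructed for the example; www.nicefeaturessite.com is only the fictitious site name used earlier in the article.

```python
"""Static scan of page HTML for injected elements: hidden IFRAMEs,
off-site script includes and obfuscated inline scripts.
Heuristic only: it catches the plain form of each trick, not every variant."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _Collector(HTMLParser):
    """Collect iframe attributes, script attributes and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.iframes, self.scripts, self.inline = [], [], []
        self._buf = None  # non-None while inside a <script> body

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes.append(a)
        elif tag == "script":
            self.scripts.append(a)
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._buf = None


def _parse(html):
    c = _Collector()
    c.feed(html)
    c.close()
    return c


def _is_hidden(attrs):
    """An IFRAME that is 0 or 1 pixel wide/high, or styled invisible,
    has no legitimate reason to be on the page."""
    def tiny(name):
        v = attrs.get(name, "").strip().rstrip("px")
        return v.isdigit() and int(v) <= 1
    style = re.sub(r"\s+", "", attrs.get("style", "").lower())
    return (tiny("width") or tiny("height")
            or "display:none" in style or "visibility:hidden" in style)


def find_hidden_iframes(html):
    """Return the src of every hidden IFRAME in the page, in page order."""
    return [a.get("src", "") for a in _parse(html).iframes if _is_hidden(a)]


def find_offsite_scripts(html, site_host):
    """Return script URLs loaded from a host other than the site itself.
    Protocol-relative URLs (//host/x.js) resolve to a host too."""
    found = []
    for a in _parse(html).scripts:
        host = urlparse(a.get("src", "")).hostname
        if host and host != site_host and not host.endswith("." + site_host):
            found.append(a["src"])
    return found


def find_obfuscated_scripts(html):
    """Return inline script bodies that both call eval/unescape/document.write
    and carry a run of at least eight %XX or \\xXX encoded bytes: the classic
    document.write(unescape('%3C%69%66...')) drive-by loader."""
    call = re.compile(r"\b(eval|unescape|document\.write)\s*\(")
    encoded = re.compile(r"(%[0-9a-fA-F]{2}){8,}|(\\x[0-9a-fA-F]{2}){8,}")
    return [s for s in _parse(html).inline if call.search(s) and encoded.search(s)]


# Constructed sample standing in for a compromised copy of the fictitious
# www.nicefeaturessite.com; every host below is made up for this example.
SAMPLE_PAGE = """<html><body>
<h1>Nice features</h1>
<script src="/js/site.js"></script>
<script src="//cdn.attacker.example/track.js"></script>
<script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D'))</script>
<iframe src="http://ads.partner.example/banner" width="300" height="250"></iframe>
<iframe src="http://attacker.example/exploit.html" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://attacker.example/drive-by" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    print("hidden iframes:", find_hidden_iframes(SAMPLE_PAGE))
    print("off-site scripts:", find_offsite_scripts(SAMPLE_PAGE, "www.nicefeaturessite.com"))
    print("obfuscated inline scripts:", len(find_obfuscated_scripts(SAMPLE_PAGE)))
```

Run it over a page fetched with a command-line client rather than in a browser, so nothing executes while you look. A clean result proves little: a loader that assembles the IFRAME from several string fragments at run time, or a PDF or Flash exploit served as an ordinary-looking embed, passes a static check like this, which is why the article keeps its emphasis on awareness rather than on any single tool.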

Characteristics of social engineering attempts

It is close to impossible to fully protect yourself against a well-planned, targeted social engineering attempt. However, there are quite a few characteristics of the more mundane type which are useful to remember.

Knowing these may save you from becoming a victim of the kind of scam each and every one of us is likely to be exposed to.
After all, few of us will ever experience a targeted attack directed at one person. Only particularly "interesting" persons merit such exceptional effort on an attacker’s side. Most of us are (unfortunately?) not that interesting.

A typical social engineering attack will often consist of some of the following or similar elements:

  • Phrases that are obviously intended to pique your curiosity.
  • A link whose real target turns out to be different from the address displayed in the message.
  • The displayed link is often to a well-known, respectable organization.
  • A message from an acquaintance of yours that is not in his or her usual manner.
  • A message from a completely unknown person.
  • A message from yourself! (The sender address of an e-mail is trivially forged.)
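
Two of the signs above can be checked mechanically: a link whose real target differs from the address it displays, and a target domain that is a near-miss of a well-known one, like the www.nicefeaturessite.com versus www.nicefeatureesite.com pair from the "Infected web sites" section. The following Python is an added example, not code from the original article. It extracts the anchors from an HTML message, compares the host a link displays with the host it really points to, and flags target domains within two edits of a trusted domain. The trusted-domain list, the sample message and the *.example hosts are constructed for the example.

```python
"""Flag suspicious links in an HTML message: displayed host differing from
the real target, and target domains that imitate a trusted domain."""
import re
from urllib.parse import urlparse

# Constructed allow-list of domains the recipient trusts (hypothetical).
TRUSTED_DOMAINS = {"nicefeaturessite.com", "norman.com", "sans.org"}


def registered_domain(host):
    """Crude registered-domain extraction (last two labels): enough for the
    .com/.org cases here, wrong for ccTLDs such as example.co.uk."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance: each substitution, insertion or deletion costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this host imitates (at most two edits away),
    or None. A host whose registered domain *is* trusted is not a lookalike."""
    dom = registered_domain(host)
    if dom in trusted:
        return None
    for t in sorted(trusted):
        if edit_distance(dom, t) <= 2:
            return t
    return None


_ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
_HOSTISH = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def suspicious_links(html):
    """Return (displayed text, real href, reasons) for every suspicious anchor."""
    out = []
    for href, text in _ANCHOR.findall(html):
        actual = (urlparse(href).hostname or "").lower()
        if not actual:
            continue
        shown_text = re.sub(r"<[^>]+>", "", text).strip()
        m = _HOSTISH.search(shown_text)  # does the link text itself look like an address?
        reasons = []
        if m and registered_domain(m.group(1)) != registered_domain(actual):
            reasons.append("displayed address differs from real target")
        imitated = lookalike_of(actual)
        if imitated:
            reasons.append("target host imitates " + imitated)
        if reasons:
            out.append((shown_text, href, reasons))
    return out


# Constructed sample message; every host is made up for this example.
SAMPLE_MESSAGE = """<p>Hi! You won't believe what I found, look here:
<a href="http://www.nicefeatureesite.com/login">www.nicefeaturessite.com</a></p>
<p>Release notes: <a href="http://www.nicefeaturessite.com/notes">www.nicefeaturessite.com/notes</a></p>
<p>Diary: <a href="http://isc.sans.org/">http://isc.sans.org/</a></p>
<p>Confirm your account at
<a href="http://www.norman.com.account-verify.example/">www.norman.com</a></p>
"""

if __name__ == "__main__":
    for shown, href, reasons in suspicious_links(SAMPLE_MESSAGE):
        print(f"{shown!r} -> {href}: {'; '.join(reasons)}")
```

The first flagged link is caught twice: the displayed address and the real one disagree, and the real one is one character away from the trusted domain. The last one shows the other common trick, a trusted name used as a subdomain of an unrelated registered domain. Two limitations worth knowing: a two-edit threshold is too loose for very short trusted domains, where unrelated real domains sit that close, and a link whose text is a brand name rather than an address is not checked for mismatch at all.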

Protection against unknown threats

By increasing your awareness the way we have described in this and the previous article, you are better protected against typical, popular and traditional infection attempts.

More important, however, is that as a spin-off from your increased awareness, you are better equipped against infection attempts that use completely new spreading mechanisms. Whenever a new “device” is used for spreading malware, our previous, well-learned protective habits tend to be completely forgotten. This issue has been discussed in several of our security articles in recent years - see for example this article from March this year.

By focusing on awareness rather than relying on past experience and on protection by software alone, you are less likely to be infected.

Useful resources

Useful information about social engineering trends and examples can be found all over the Internet.

Some recommended resources with general information as well as information about the latest threats are:

  • Norman’s Security center: http://www.norman.com/security_center/ (this section of our web)
  • SANS’ Internet Storm Center: http://isc.sans.org/
  • Different countries’ CERT (Computer Emergency Response Team) web sites and mailing lists. (Use a search engine to find your own local CERT.)
  • Lots of other security organizations’ web sites and independent blogs.

To find out more...

Self-protection from malware - part I