Thursday, December 24, 2009

Assignment 1: Question 3: Virus Attacks

The Internet is now part and parcel of modern life. More people than ever use the internet for work and pleasure. Because of its immense popularity, it is not surprising that cyber crime is increasing all the time. According to the Federal Bureau of Investigation (FBI), cyber crime cost consumers and businesses $5.8 billion in 2009 (State of internet security 2009, n.d.).

The most common sort of attack is the trojan horse. According to the FBI, 71% of the attacks during 2009 were trojans (State of internet security 2009, n.d.). Trojans are lightweight malicious software used as gateways by intruders to attack a system, or to gain remote access to or control over it, through global bots and botnets. Most of them consist of two parts: a server and a client. When a victim unknowingly runs the trojan server on his or her machine, the attacker then uses the client part of the trojan to connect to the server and starts using the trojan. The protocol typically used by trojan horses is TCP, but some trojans use other protocols such as UDP. Trojans are mainly aimed at modifying system files or the Windows registry. Thus, an intruder can get partial or full access to the resources of the affected computer (How do trojans work?, n.d.).
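Because the server part has to wait for the client to connect, it shows up on the affected machine as a listening socket. The following added example (not part of the original post) parses a constructed sample in the layout of Windows `netstat -ano` output and reports TCP listeners and bound UDP ports that are missing from a baseline; the port numbers, PIDs and the `EXPECTED` baseline are assumptions made up for illustration.

```python
"""Audit listening sockets against a per-host baseline (added example)."""

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING       2764
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     4120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:5353           *:*                                    1320
  UDP    0.0.0.0:47000          *:*                                    2764
"""

# Hypothetical baseline of (protocol, port) pairs expected on this host.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}


def parse_listeners(netstat_text):
    """Return (proto, address, port, pid) for sockets awaiting inbound traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        if proto == "TCP":
            # TCP rows: Proto, Local, Foreign, State, PID
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue  # skip established or closing connections
        elif len(fields) != 4:
            # UDP rows have no State column: Proto, Local, Foreign, PID
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        address, _, port = local.rpartition(":")
        if port.isdigit() and pid.isdigit():
            listeners.append((proto, address, int(port), int(pid)))
    return listeners


def unexpected_listeners(netstat_text, expected):
    """Return the listeners whose (proto, port) is not in the baseline."""
    return [l for l in parse_listeners(netstat_text) if (l[0], l[2]) not in expected]


if __name__ == "__main__":
    for proto, address, port, pid in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED):
        print(f"review: {proto} {address}:{port} owned by PID {pid}")
```

A reported port is a starting point for review, not proof of infection: the owning PID still has to be mapped to a program and judged.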

Another notable and rapidly growing threat is rogue security software, which gains users' attention and tricks them into installing it by displaying fake infection results and promising to remove the infected files upon installation. It claims to provide security while doing the opposite. Those who are tricked by such software are bombarded with an enormous number of annoying fake alert messages, which exposes them to additional internet threats. I personally had experience with such software, named "Personal Security", and it was very hard to remove. Win32/Fake AV, Win32/Waledac and Win32/Kollah are a few examples, among others.

Next comes the Win32/Conficker family. Conficker is believed to be the largest worm infection since 2003. "Win32/Conficker.B aggressively propagates from removable drives and shared folders within the affected network. It communicates with other infected machines through its own peer-to-peer protocol while participating in a global network." (State of internet security 2009, n.d.). In 2009, new Conficker variants emerged with more destructive potential, such as Win32/Conficker.B++ and Win32/Conficker.C.

File infectors are also a big concern in internet security. During the first half of 2009, Win32/Virut was highly active and caused a lot of security damage. Virut attaches its malicious code in various ways. "When an infected file is executed, Virut's code runs before any host program code. The virus decrypts then injects part of its codes into all running processes". (State of internet security 2009, n.d.).

Next comes e-mail spam, which is the most common way of infection nowadays. Spammers use social engineering techniques to trick users into clicking links which then either download a virus or take them to websites containing malicious code. Spammers continuously change schemes and strategies to get past spam filters, and exploit realistic events and topics to achieve their goal of installing a malicious program.

Ransomware made a surprise comeback in the first half of 2009. Ransomware encrypts user files and data, making them unusable. Cybercriminals then offer to decrypt the data for a fee. Examples of ransomware include Win32/FileFixPro2009, which is a duo containing Win32/FileFixPro2009.A and Win32/RansomFix.A. Win32/RansomFix.A encrypts user files and data and informs the user about the infection. To repair the files, Win32/RansomFix.A redirects the user to a website which hosts Win32/FileFixPro2009.A and asks the user to purchase it for $49.95 to fix the so-called "corrupted files".

With cyber crime at a higher peak than ever, it is very important to be more security conscious and to practice safe computing. To be safe, you must install the right security software, update it regularly, understand your daily computer activity and use common sense.


References:
1. How do trojans work? (n.d.). Retrieved December 25, 2009 from http://kbase.gfi.com/showarticle.asp?id=KBID001671


