Skip to main content

How can I get infected?

For a network user who is protected by a firewall and whose ICQ and IRC connections are disabled, infection will mostly occur via an email attachment or through a software download from a website.

Many users claim never to open an attachment or to download software from an unknown website, however clever social engineering techniques used by hackers can trick most users into running the infected attachment or downloading the malicious software without even suspecting a thing.

An example of a Trojan that made use of social engineering was the Septer.

troj, which was transmitted via email in October 2001.

This was disguised as a donation form for the American Red Cross's disaster relief efforts and required recipients to complete a form, including their credit card details.

The Trojan then encrypted these details and sent them to the attacker's website.

  >> Infection via attachments

It is amazing how many people are infected by running an attachment sent to their mailbox.

Imagine the following scenario: The person targeting you knows you have a friend named Alex and also knows Alex's email address.

The attacker disguises a Trojan as interesting content, for example, a Flash-based joke, and emails it to you in your friend's name.

To do so, the attacker uses some relaying mail server to falsify the email's FROM field and make it look like Alex is the sender: Alex's email address is alex@example.com so the attacker's FROM field is changed to alex@example.com.

You check your mail, see that Alex has sent you an attachment containing a joke, and run it without even thinking that it might be a malicious because, hey, Alex wouldn't do something like that, he's my friend!

Information is power: Just because the attacker knew you had a friend Alex, and knew and guessed that you would like a joke, he succeeded in infecting your machine!

Various scenarios are possible. The point is that it only takes ONE network user to get your network infected.

In addition, if you are not running email security software that can detect certain exploits, then attachments could even run automatically, meaning that a hacker can infect a system by simply sending you the Trojan as an attachment, without any intervention on a user's part.
  _________________________

Labels:

Comments

Post a Comment

Popular posts from this blog

What is Port (computer networking)

In the internet protocol suite, a port is an endpoint of communication in an operating system. While the term is also used for female connectors on hardware devices (see computer port), in software it is a logical construct that identifies a specific process or a type of network service. A port is always associated with an IP address of a host and the protocol type of the communication, and thus completes the destination or origination network address of a communication session. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. For example, an address may be 'protocol: TCP, IP address: 1.2.3.4, port number: 80', which may be written 1.2.3.4:80 when the protocol is known from context. Specific port numbers are often used to identify specific services. _________________________
Post a Comment
Read more

What is a localhost ?

In computer networking, localhost is a hostname that means this computer. It is used to access the network services that are running on the host via its loopback network interface. Using the loopback interface bypasses any local network interface hardware. The local loopback mechanism is useful for testing software during development, independently of any networking configurations. For example, if a computer has been configured to provide a website, directing a locally running web browser to http://localhost may display its home page. On most computer systems, localhost resolves to the IP address 127.0.0.1, which is the most commonly used IPv4 loopback address, and to the IPv6 loopback address. _________________________
Post a Comment
Read more

What is Back Door?

A back door is generally a piece of code intentionally left by the developer of the software or firmware that allows access without going through the normal security process. Back doors may also be the result of different malware/virus attacks that leave a method for remote, unsecured access into a device once the malicious code has been executed. _________________________
Post a Comment
Read more