
100 Grades Per Minute

Malware - How It Works

20th May 2011 at 07:58 PM
With the recent spotlight on malware and computer security I want to share some of the tricks I have discovered whilst reading up on it. And yes, some of these can affect multiple platforms (Windows/OSX/etc).

Google Image Poisoning: The act of using Google Image Search to trick users into visiting infected pages. Images related to popular topics on Twitter or the news are pushed high up the rankings of searches relating to that topic. Victims search for said topic in their droves, click the image and are taken to the malware author's website, where the actual attack is launched.

This also occurs in normal web search, but image search is far more dangerous as there is no text to give clues as to whether the site is genuine or not. It is also not restricted to Google; other search engines may be affected too.

Drive-By Attacks: These are carried out using scripts embedded into a web page that attempt to download code to the victim's computer. They can find their way onto legitimate sites too, either by compromising the web page's code or by inserting a poisoned advert into the site's rotation through legitimate advertisement networks. Any site can be affected by this type of attack.

When the page is visited and the script executes, it will attempt either to download malicious files or to redirect the user to a malicious website where further attacks can take place.
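A drive-by page only works if the browser agrees to run script the site owner never shipped: an injected inline block, an obfuscated payload fed to eval(), or a loader fetched from an attacker-controlled host. The control that refuses those is a tight Content-Security-Policy script-src. The linter below is an added example written for this post, not code from the original entry; it parses a CSP header, reports the sources that would let injected script run, and is shown against a constructed weak policy and its hardened counterpart (the host names are placeholders).

```javascript
// Added example: lint the script sources of a Content-Security-Policy header
// and report anything that would let injected or third-party script execute.

function parseCsp(header) {
  // CSP is a ';'-separated list of "<directive> <source> <source> ..."
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    directives[name.toLowerCase()] = values;
  }
  return directives;
}

function scriptSourceFindings(header, allowedHosts) {
  const directives = parseCsp(header);
  const findings = [];
  // script-src falls back to default-src; with neither present anything may run
  const sources = directives['script-src'] || directives['default-src'];
  if (!sources) {
    findings.push('no script-src or default-src: scripts may load from any origin');
    return findings;
  }
  for (const raw of sources) {
    const src = raw.toLowerCase();
    if (src === "'unsafe-inline'") {
      findings.push("'unsafe-inline': an injected inline <script> block would execute");
    } else if (src === "'unsafe-eval'") {
      findings.push("'unsafe-eval': obfuscated payloads can run through eval()");
    } else if (src === '*' || /^(https?|data|blob):$/.test(src)) {
      findings.push(`${raw}: scheme-only or wildcard source allows scripts from any host`);
    } else if (src.includes('*.')) {
      findings.push(`${raw}: wildcard host matches any subdomain`);
    } else if (src === "'self'" || src === "'none'" ||
               src.startsWith("'nonce-") || src.startsWith("'sha")) {
      // keyword, nonce and hash sources are the ones we want to see
    } else if (!allowedHosts.includes(src.replace(/^https?:\/\//, ''))) {
      findings.push(`${raw}: script host is not on the site's allowlist`);
    }
  }
  return findings;
}

// Constructed sample policies: a weak one of the kind that accumulates on a
// site patched over time, and what the same site would ship after review.
const WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *";
const HARDENED_CSP =
  "default-src 'self'; script-src 'self' 'nonce-r4nd0m' https://ads.example; object-src 'none'";
const ALLOWED_SCRIPT_HOSTS = ['ads.example']; // placeholder ad-network host

console.log('weak policy:', scriptSourceFindings(WEAK_CSP, ALLOWED_SCRIPT_HOSTS));
console.log('hardened policy:', scriptSourceFindings(HARDENED_CSP, ALLOWED_SCRIPT_HOSTS));
```

Note the limit of this control against the poisoned-advert case the post describes: if the malicious creative is served from an allowlisted ad-network host, CSP will load it, so the policy narrows the drive-by surface but does not replace vetting of what the ad network serves. Adding a report-uri or report-to directive turns CSP violations into a detection signal for the injection attempts it does block.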

Social Engineering: The use of human nature against itself. This is common on social networks, where accounts are compromised and friends are sent messages with enticing offers or silly features such as a dislike button. The link to said offer actually leads to a scam which, once the victim falls for it, sends the same message on to the victim's friends. The same thing occurs on chat networks with messages such as "Is this you in this pic???" and a link to a malicious website.

The newest trend is the use of scripts pasted directly into the address bar. These scripts are executed immediately, and the attack is carried out with the users themselves acting as the trigger!
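The defence browsers now apply to this trick is to drop a leading "javascript:" scheme from anything pasted into the address bar, so the pasted text becomes a search or a plain URL rather than code run against the page the victim is looking at. The function below is an added example written for this post, not browser code or code from the original entry; it reproduces that behaviour, applying the same pre-processing the WHATWG URL parser uses (trim C0 controls and spaces, strip embedded tabs and newlines) so that casing and whitespace cannot hide the scheme. The sample inputs are constructed.

```javascript
// Added example: emulate the address-bar paste defence that strips a
// "javascript:" scheme before the pasted text is acted on.

function normalizeScheme(input) {
  // WHATWG URL parsing removes leading/trailing C0 controls and spaces, then
  // strips ASCII tab, LF and CR anywhere in the string, before reading the scheme.
  let text = input.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  text = text.replace(/[\t\n\r]/g, '');
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(text);
  if (!match) return { scheme: null, remainder: text };
  return { scheme: match[1].toLowerCase(), remainder: text.slice(match[0].length) };
}

function sanitizePastedAddress(input) {
  const { scheme, remainder } = normalizeScheme(input);
  if (scheme === 'javascript') {
    // Hand back only the remainder: the user sees the script text in the bar,
    // nothing executes, and a second deliberate edit would be needed to run it.
    return { stripped: true, value: remainder };
  }
  return { stripped: false, value: input.trim() };
}

// Constructed sample pastes, including the whitespace and casing variants
// that a plain string comparison against "javascript:" would miss.
const SAMPLE_PASTES = [
  'javascript:void(0)',
  '  JaVaScRiPt:\tvoid(0)',
  'java\nscript:void(0)',
  'https://example.com/',
  'localhost:8080',
  'is this you in this pic',
];

for (const paste of SAMPLE_PASTES) {
  console.log(JSON.stringify(paste), '->', sanitizePastedAddress(paste));
}
```

The normalisation step is the part worth keeping: a check that only compares the raw pasted string against the literal "javascript:" would pass the mixed-case and tab-separated variants straight through to the URL parser, which would then recognise them as the scheme anyway.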

Fake Anti-Virus: Also known as FakeAV, this variation of social engineering warrants its own entry. FakeAV attacks have grown rapidly over the past few years and involve a malicious site pretending that your computer is infected. In reality, many of these sites have no access to your hard disk at all and cannot tell whether you are infected with a virus.

The user, shocked by these warnings, proceeds to download a malicious program, which is then installed on the computer. The FakeAV may also create fake symptoms of a virus infection and demand that the user purchase the software to get rid of the infection and cure the symptoms. FakeAV effectively preys on a user's fear of losing their computer to a virus and tries to persuade them to act too quickly to stop and think about what has just happened.

These are just some of the methods used by malware authors to find their way into your computer. The best defence is knowledge and understanding how malware is distributed, especially for social engineering scams. A good, up-to-date antivirus is essential with the days of drive-by downloads upon us!