Posted by on May 15, 2010

All malware takes advantage of one or more known vulnerabilities on your computer. If you are connected to the Internet or even to a local computer network, or if you use CDs or other removable media that were not created on your computer, then you are vulnerable. There is no way around it. There are five primary sources for such weaknesses:

  1. Very common applications. If millions of people are using the same software, that presents a very tempting target to bad guys. If they can find a way to compromise that one application, they have a key to unlock millions of computers. Using less common programs that perform the same functions gives you a certain amount of immunity—it’s the reason Macs and Linux machines have fewer viruses than Windows—but sometimes a program is very popular because it’s very good. The less popular version might not have the features you need.
  2. Overly complex applications. The more tricks a program can perform, the more tricks an attacker can employ to break it. As Internet Explorer adds more features, it becomes more vulnerable to abuse. Things like ActiveX and Silverlight allow a web designer to create some very cool Internet-based applications. Now think of a virus writer as a web designer. Microsoft is not the only company that’s guilty of trying to cram too many features into a single package. Adobe has become notorious for giving away very useful programs with gaping security holes. Sun and other companies have the same problem. Whenever possible, use simple, single-purpose applications and disable features that you don’t use in more complex software.
  3. Shoddy programming. Some programmers cut corners. It makes their job easier and frequently makes the software cheaper. Unfortunately, it also makes it easier to break. Bigger companies like Microsoft and Apple frequently do a better job at thoroughly checking their programs and covering all the bases than many smaller companies. Frequently, but not always. It seems like I hear about a new vulnerability in one of Adobe’s free applications every month. This comes from the company and its programmers focusing on what they want to happen with their software and not thinking ahead about what could happen.
  4. Afterthought security. Thinking about security after the fact is better than not thinking about it at all, but it’s not nearly as good as building good security into a product from the beginning. Add-ons are usually easier to bypass and break.

The most important steps you can take to protect yourself as a user are disabling unnecessary features (such as javascript in Adobe Reader) and installing software updates. If the programs you use offer automatic updates, it’s usually better to enable them. If they don’t, then you’ll have to check the source company’s website or subscribe to their mailing list.

PEBKAC

I said there were five primary sources of vulnerability, but I’ve only told you about four of them. That’s because I was saving the best for last: YOU!

Your behavior is the single most important factor in malware infections. If you want to avoid sports injuries, you keep yourself in good shape, stretch before and after a workout, and avoid some types of movements and activities. If you aren’t overly concerned about your safety, then by all means, point your mountain bike down the nearest rocky slope and go! Don’t forget to forget your helmet.

The same principle works for computer safety. You need to know what antivirus software you have installed on your computer. You need to keep your computer updated with the latest updates and security fixes. You need to pay attention to what kind of websites you are visiting and what kinds of advertisements you are clicking on. Sites containing pornography, games, hacking, and file sharing are far more likely to spread malware than reference and news sites. Music and social networking sites fall somewhere in between. Don’t click on advertisements. If you want to know more about a product, copy down the name and find the company’s website using your favorite search engine.

The key is to pay attention. Be aware of what you are doing on your computer, and be especially wary of anything unusual.

Bad Links

Spammers, phishers, and other malware creators have become very adept at tricking people into visiting malicious websites and installing malware on their own computers. Never click on a link in an email from someone you don’t know unless you are absolutely certain it is safe and the link goes exactly where it says it goes.. Never open an attachment in an email from someone you don’t know and if you weren’t expecting it. Even if your best friend sends you a link to a website, be cautious. If the message doesn’t sound quite like your friend, it might not be! If you’ve never been drunk and naked in public, then don’t click on a link to a video that claims to show you drunk and naked in public.

Pay attention to the website addresses in links, too. If a link says it goes to Microsoft, then make sure it actually goes to Microsoft’s website. Here’s how you can tell. A website address, called a URL or Uniform Resource Locator, has five basic parts.

http :// www . microsoft . com / Security_Essentials

  1. Protocol. This tells your computer what kind of data to expect and how to interpret it. Most Internet URLs will use http or https (HyperText Transfer Protocol and HyperText Transfer Protocol Secure, respectively). You might also see ftp (File Transfer Protocol), though more rarely. The protocol indicator is followed by a colon and two forward slashes.

  2. Server. This part specifies which computer at Microsoft contains the web page you want to view. It could have multiple parts separated by dots or it might not be there it all. It could be called just about anything, but it will never contain a slash.

  3. Domain. This is like a company name. It will always contain a name with no dots (in the middle) or slashes. It will always end in a dot.

  4. Top level domain. This is sort of like a country on the Internet. In fact, every country has its own top level domain. The United Kingdom has .uk, and Russia has .ru. There are also many top level domains that are international in scope, and are supposed to be used for specific purposes: .info, .com, .org, .net, et cetera. The top level domain will always be at the very end of a website address unless it is followed by a slash.

  5. Directory and files. This tells the computer that hosts the website where to find the specific files you want to see. This part could contain just about anything and can be very long. It can also include special codes that include search terms, account information, and other data a website might need for you to see it properly.

The most common way the bad guys will try to trick you into going to their website is by putting something official-sounding in the server or directory and file fields. Just remember this pattern: http://servername.domain.dom/otherstuff. Pay very close attention to what’s between the slashes, especially the domain name and the top level domain name. If the top level domain isn’t the very last thing in the address, then it will always be followed by a slash.

Although these URLs look like they belong to Microsoft, none of them actually do:

http://microsoft.com.sneakyhacker.com/windows_update/official-site/really%20its%20true

http://automatic-updates.windows.com.trickingyou.net/870983488%20redirect-microsoft.com

https://msoffice2010.microsoft.com.dirtytrick.ru

Look at the parts between the protocol and the slash that’s after the top-level domain name. I color-coded the five parts of a website address and underlined the domain name to help you see how they are trying to trick you. Don’t actually go to any of those websites! I just made them up and didn’t check to see if they actually exist, but I wouldn’t be surprised if the domain names are real.

The moral of this last story is this: pay attention to what you are doing, what’s on your computer, and what you click on. It sounds like more trouble than it’s worth, but it’s not really that hard once you develop good habits. Your bank balance will thank you someday.

Posted in: Malware

Comments

  1. Convergence » Blog Archive » Fraudsters Are Getting Better at Fraud - [...] cursor over the link and see where it really goes. Look at the “Bad Links” section of Malware part…

Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*