Phony Sites and Dangerous Attachments

There’s an old saying that you never get something for nothing,

Still, the ploy of offering something for free continues to be a big draw for both legitimate ("But wait--there's more! Call right now and we'll throw in a set of knives and a popcorn popper!") and not-so- legitimate ("Buy one acre of swampland in Florida and get a second acre free!") businesses.  

 

And most of us are so eager to get something free that we may be distracted from thinking clearly about the offer or the promise being made.

 

We know the familiar warning, "buyer beware," but it's time to heed another warning: Beware of come-on email attachments and free software. The savvy attacker will use nearly any means to break into the corporate network, including appealing to our natural desire to get a free gift. Here are a few examples.

 

WOULDN'T YOU LIKE A FREE (BLANK)?"

Just as viruses have been a curse to mankind and medical practitioners since the beginning of time, so the aptly named computer virus represents a similar curse to users of technology. The computer viruses that get most of the attention and end up in the spotlight, not coincidentally, do the most damage. These are the product of computer vandals.

 

Computer nerds turned malicious, computer vandals strive to show off how clever they are. Sometimes their acts are like a rite of initiation, meant   toimpress older and more experienced hackers. These people are motivated to create a worm or virus intended to inflict damage. If their work

   

destroys files, trashes entire hard drives, and emails itself to thousands of unsuspecting people, vandals puff with pride at their accomplishment. If the virus causes enough chaos that newspapers write about it and the network news broadcasts warn against it, so much the better.

 

Much has been written about vandals and their viruses; books, software programs, and entire companies have been created to offer protection, and we won't deal here with the defenses against their technical attacks. Our interest at the moment is less in the destructive acts of the vandal than in the more targeted efforts of his distant cousin, the social engineer.

 

It Came in the Email

You probably receive unsolicited emails every day that carry advertising messages or offer a free something-or-other that you neither need nor want. You know the kind. They promise investment advice, discounts on computers, televisions, cameras, vitamins, or travel, offers for credit cards you don't need, a device that will let you receive pay television channels free, ways to improve your health or your sex life, and on and on.

 

But every once in a while an offer pops up in your electronic mailbox for something that catches your eye. Maybe it's a free game, an offer of photos of your favorite star, a free calendar program, or inexpensive share" ware that will protect your computer against viruses. Whatever the offer, the email directs you to download the file with the goodies that the message has convinced you to try.

 

Or maybe you receive a message with a subject line that reads Don, I miss you," or "Anna, why haven't you written me," or "Hi, Tim, here's the sexy photo I promised you." This couldn't be junk advertising mail, you think, because it has your own name on it and sounds so personal. So you open the attachment to see the photo or read the message.

 

All of these actions--downloading software you learned about from an advertising email, clicking on a link that takes you to a site you haven't heard of before, opening an attachment from someone you don't really know--are invitations to trouble. Sure, most of the time what you get is exactly what you expected, or at worst something disappointing or offensive, but harmless. But sometimes what you get is the handiwork of a vandal.

 

Sending malicious code to your computer is only a small part of the attack. The attacker needs to persuade you to download the attachment for the attack to succeed.

 

NOTE

One type of program know in the computer underground as a RAT, or Remote Access Trojan, gives the attacker full access to your computer, just as if he were sitting at your keyboard.

 

The most damaging forms of malicious code - worms with names like Love Letter, SirCam, and Anna Kournikiva, to name a few - have all

 

relied on social engineering techniques of deception and taking advantage of our desire to get something for nothing in order to be spread. The worm arrives as an attachment to an email that offers something tempting, such as confidential information, free pornography, or - a very clever ruse - a message saying that the attachment is the receipt for some expensive item you supposedly ordered. This last ploy leads you to open the attachment for fear your credit card has been charged for an item you didn't order.

 

It's astounding how many people fall for these tricks; even after being told and told again about the dangers of opening email attachments, awareness of the danger fades over time, leaving each of us vulnerable.

 

Spotting Malicious Software

Another kind of malware - short for malicious software - puts a program onto your computer that operates without your knowledge or consent, or performs a task without your awareness. Malware may look innocent enough, may even be a Word document or PowerPoint presentation, or any program that has macro functionality, but it will secretly install an unauthorized program. For example, malware may be a version of the Trojan Horse talked about in Chapter 6. Once this software is installed on your machine, it can feed every keystroke you type back to the attacker, including all your passwords and credit card numbers.

 

There are two other types of malicious software you may find shocking.

One can feed the attacker every word you speak within range of your computer microphone, even when you think the microphone is turned off. Worse, if you have a Web cam attached to your computer, an attacker using a variation of this technique may be able to capture everything that takes place in front of your terminal, even when you think the camera is off, day or night.

 

LINGO

MALWARE Slang for malicious software, a computer program, such as a virus, worm, or Trojan Horse, that performs damaging tasks.

 

MITNICK MESSAGE

Beware of geeks bearing gifts, otherwise your company might endure the same fate as the city of Troy. When in doubt, to avoid an infection, use protection.

 

 

A hacker with a malicious sense of humor might try to plant a little program designed to be wickedly annoying on your computer. For example, it might make your CD drive tray keep popping open, or the file you're working on keep minimizing. Or it might cause an audio file to play a scream at full volume in the middle of the night. None of these is much fun when you're trying to get sleep or get work done.., but at least they don't do any lasting damage.

 

MESSAGE FROM A FRIEND

The scenarios can get even worse, despite your precautions. Imagine: You've decided not to take any chances. You will no longer download any files except from secure sites that you know and trust, such as SecurityFocus.com or Amazon.com. You no longer click on links in email

from unknown sources. You no longer open attachments in any email that you were not expecting. And you check your browser page to make sure there is a secure site symbol on every site you visit for e-commerce transactions or to exchange confidential information.

 

And then one day you get an email from a friend or business associate that carries an attachment. Couldn't be anything malicious if it comes from someone you know well, right? Especially since you would know who to blame if your computer data were damaged.

 

You open the attachment, and... BOOM! You just got hit with a worm or Trojan Horse. Why would someone you know do this to you? Because some things are not as they appear. You've read about this: the worm that gets onto someone's computer, and then emails itself to everyone in that person's address book. Each of those people gets an email from someone he knows and trusts, and each of those trusted emails contains the worm, which propagates itself like the ripples from a stone thrown into a still pond.

 

The reason this technique is so effective is that it follows the theory of killing two birds with one stone: The ability to propagate to other unsuspecting victims, and the appearance that it originated from a trusted person.

 

MITNICK MESSAGE

Man has invented many wonderful things that have changed the world and our way of life. But for every good use of technology, whether a computer, telephone, or the Internet, someone will always find a way to abuse it for his or her own purposes.

 

It's a sad fact of life in the current state of technology that you may get an email from someone close to you and still have to wonder if it's safe to open.

 

VARIATIONS ON A THEME

In this era of the Internet, there is a kind of fraud that involves misdirecting you to a Web site that is not what you expected. This happens regularly, and it takes a variety of forms. This example, which is based on an actual scam perpetrated on the Internet, is representative.

 

Merry Christmas...
A retired insurance salesman named Edgar received an email one day from
PayPal, a company that offers a fast and convenient way of making online
payments. This kind of service is especially handy when a person in one
part of the country (or the world, for that matter) is buying an item from              
an individual he doesn't know. PayPal charges the purchaser's credit card             
and transfers the money directly to the seller's account.
As a collector of antique glass jars Edgar did a lot of business through
the on-line auction company eBay. He used PayPal often, sometimes several times a week. So Edgar was interested when he received an email in      
the holiday season of 2001 that seemed to be from PayPal, offering him a
reward for updating his PayPal account. The message read:

 

Season's Greetings Valued PayPal Customer;

As the New Year approaches and as we all get ready to move a year ahead, PayPal would like to give you a $5 credit to your account!

All you have to do to claim your $5 gift from us is update your information on our secure Pay Pal site by January 1st, 2002. A year brings a lot of changes, by updating your information with us you will allow for us to continue providing you and our valued customer service with excellent service and in the meantime, keep our records straight!

 

To update your information now and to receive $5 in your PayPal account instantly,

click this link:

 

http://www, paypal -secure. com/cgi bin

 

Thank you for using PayPal.com and helping us grow to be the largest of our kind!

Sincerely wishing you a very "Merry Christmas and Happy New Year,"

PayPal Team