Some Un-jolly Tidings...

12/31/2008 19:49

With the holidays here, there are many not-so-jolly “traditions” that are percolating through the internet. Specifically, we are focusing on the social engineering attacks frequently referred to as a confidence trick or as a con.

A con is the basis for a number of online or computer threats. A social engineering attack involves an action on our part, that we are tricked into taking. These attacks take many forms and are some of the most difficult to guard against because they involve actions we take and not just the technology. In other words, since we are part of the problem, we need to be part of the solution.

This year’s popular attacks include:

“Windows Anti-virus 2009” Trojan horse (a Trojan horse is where we install a program that appears benign but is actually malicious)

• Attack method: This insidious browser pop-up appears to be a security warnings, usually from “Windows Anti-virus 2009” or similar. It installs a particularly nasty virus that many anti-virus programs do not detect. Random websites appear to be infected with this virus, and it can pop up at any time. This malware does require our cooperation to install.
• Defense: Know your system. There is no such thing as “Windows Anti-virus” and your legitimate anti-virus program’s name should be displayed when it detects something. Warning: if you receive this pop-up, be aware that clicking on any button in the window seems to start the installation process. Use the keyboard shortcut to close it: hold down the “ALT” then press the “F4” key to close it instead of clicking anything. Use this method to close anything else that may start to run. Run a full virus scan afterwards and call your technical support if you find things behaving strangely afterwards.

“Shipping” email virus (an email virus is malicious software program that is spread through email)

• Attack method: Emails that appear to be from legitimate shipping companies (FedEx, UPS, USPS, etc.) that have an attachment containing malware. This especially tricky around the holidays when people are expecting shipping notices.
• Defense: Read the emails thoroughly. Many of them have subject line from one company (such as the UPS) and the message claims to be from a different company (such as FedEx). Also, shipping companies don’t send attachments. Finally, as a general rule, don’t open attachments unless they are from a fully trusted source and you are expecting them.

"Phishing" (Phishing involves connecting to a website that appears to be legitimate, but is in fact recording any sensitive information posted)

• Attack method: These generally are emails pretending to be from a financial institution (such as a bank), and requests that you log in for some reason. The provided link in the message takes the user to a website with a similar name to the legitimate website, and that looks like the legitimate website. Sometimes, the site will even function once the user logs in. However, once the user does log in, the username, password, and anything displayed are recorded, giving that information to the phisher.
• Defense: While newer browsers include some measures against this, the best method is to avoid using links in email messages from online vendors you use. Instead, log in directly from your browser by typing in the website or using your previously configured favorites. Also pay attention to any security warnings for these vendor’s sites, and verify that the session is encrypted (usually a lock icon) before entering any information to a website.

As always, we need to make sure that our programs are fully up to date, including our anti-virus and operating systems, and we need to practice safe computing to keep this season from becoming very un-jolly.

HAPPY HOLOIDAYS! -J-