Using the Internet continues to be a risky endeavor as the range of exploits and attacks continues to increase. Even without seeking out questionable content, it is easy to be compromised by a wide range of common online attacks. Here are five unfortunately common online attacks and what you need to do about them.
Drive-by Downloads
A drive-by download is the transfer and execution of malicious code from a website to your browser. This takes place automatically if you leave scripting and mobile code execution on (which it is by default) and just happen to visit a compromised website. Generally, the responsibility is on the shoulders of website owners to reduce their vulnerabilities to scripting attacks, such as XSS (cross-site scripting). However, even as a visitor there are steps you can take to reduce your risk. First, stop using Internet Explorer. Second, use a script management tool in your browser, such as ScriptSafe for Chrome or ScriptNo for Firefox. These tools disable mobile code and script execution. When you encounter a site that does not function without mobile code or script execution, you can enable temporary or permanent script support on a per-site basis. Using this type of tool will keep you protected by default on all new sites you visit and, if you are cautious about enabling script support, will keep your risk to a minimum on sites you visit regularly.
Trojan Horse Files
A Trojan Horse file is created by combining a benign file with a malicious file. The benign file is usually some type of attractive file, such as a game, screensaver, browser plug-in or admin utility. The benign file is used to host the malicious payload. The trick of a Trojan Horse is that it may fool the victim into believing that the only item being received is the host file. However, once the host file is opened, the malicious payload is secretly delivered to the system. Trojan Horse files are an unfortunately successful and common means of distributing malware. You need to be extra cautious when accepting files from outside sources. Always seek out the original provider or vendor of a file rather than use an intermediary file host, exchange or distribution service. Avoid the use of peer-to-peer file sharing services, don’t open email attachments and don’t use portable storage devices that may have come in contact with unknown systems. Trojan Horse protection is all about avoiding exposure to potentially compromised host files.
Man-in-the-Middle Attacks
A man-in-the-middle (MitM) attack occurs when an attacker-controlled system is inserted into the communication pathway between a client and a server at the moment that connection is set up. A MitM attack is initiated by exploiting a resolution mechanism, such as ARP, DNS, DHCP or proxy, where the client is fooled into using the attacker’s system as a node rather than the correct device when seeking to interact with a server. This attack is not an easy one to prevent. Unfortunately, the only guaranteed option, mutual certificate-based authentication, is usually not available or supported. Since most clients don’t have a digital certificate and most servers don’t accept client certificates, the best defense is unavailable to most of us. Instead, you need to be aware of your IP configuration settings (IP address, subnet mask, default gateway and DNS server) and any proxy settings. From time to time, check that the settings you are currently using are still valid. If you suspect that you might be receiving a false DNS resolution, you can use online DNS resolution services, such as the Domain Dossier at centralops.net, to perform a check. If this site shows a different IP address than the one you received, then there is a chance a DNS-based MitM attack is taking place. Similarly, if you negotiate an SSL/TLS encrypted session with a server, there is a chance that the session was subject to a MitM attack. To check that, click on the padlock, find the details of the server’s digital certificate, and locate the last item in the list, called the thumbprint. Next, visit grc.com and use the Service menu item HTTPS Fingerprint. Through this service you can compare the thumbprint of what you received against the thumbprint that grc.com received. Barring Google and Apple sites, if these thumbprints are not the same, you are experiencing an SSL/TLS MitM attack. In any case, disconnect. Then re-check your system for malware and altered configurations.
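The two comparisons described above can be scripted. The following Python sketch is an added example, not part of the original article: it computes the thumbprint of the certificate your machine is actually served and compares it with one observed from another vantage point, and it lists addresses your resolver returned that an outside lookup did not. All function names and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for DER certificate bytes, so the comparison runs offline.
SAMPLE_DER = b"constructed-der-bytes-for-demonstration"


def normalize_thumbprint(text):
    """Reduce 'AB:CD:..', 'ab cd ..' or 'abcd..' to lowercase hex digits."""
    digits = "".join(text.split()).replace(":", "").replace("-", "").lower()
    if not digits or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("thumbprint must be hex digits and separators only")
    return digits


def thumbprint(der_bytes, algorithm="sha1"):
    """A thumbprint is a hash over the whole DER-encoded certificate."""
    return hashlib.new(algorithm, der_bytes).hexdigest()


def fetch_cert_der(host, port=443, timeout=5.0):
    """Return the leaf certificate this machine is being served for host."""
    ctx = ssl.create_default_context()
    # Validation is switched off only so the presented certificate can be
    # inspected even when it would fail validation; send no data over this.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def thumbprints_match(local_der, reference):
    """Compare the local certificate with a thumbprint seen from elsewhere."""
    ref = normalize_thumbprint(reference)
    algorithm = {40: "sha1", 64: "sha256"}.get(len(ref))
    if algorithm is None:
        raise ValueError("expected a SHA-1 or SHA-256 thumbprint")
    return hmac.compare_digest(thumbprint(local_der, algorithm), ref)


def unexpected_addresses(local_addrs, reference_addrs):
    """Addresses the local resolver returned that the outside lookup did not."""
    return sorted(set(local_addrs) - set(reference_addrs))
```

In practice, pass `fetch_cert_der("example.org")` as `local_der` and paste the thumbprint reported by the external service as `reference`. Sites that serve more than one certificate or answer from many addresses can differ between vantage points without an attack, which is why the text excepts Google and Apple.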
Social Network Exploits
Social network exploits abound. Most are considered affiliate fraud. Affiliate fraud is when you believe or accept something from another person because you have a relationship with them or share a common interest. Most exploits taking place through social networks, which include website-based services and messaging-based services, are social engineering based. The goal of these attacks is often to trick you into revealing personal data for the purpose of identity theft or account takeover. Other attacks may encourage you to download/install applications or visit external URLs, either of which would turn out to be malicious in some way. As a user of social networks, you must be on guard at all times. Don’t automatically believe everything posted, don’t click links and don’t download offered files. If something sounds interesting or plausible, do your own Internet search (external to the social network) to locate the facts or discover the fraud. This will help you avoid most scams and attacks.
Spear Phishing
Spear phishing is another form of social engineering. It is the sending of messages targeted to those who have a relationship with the spoofed source identity. Each time an online company experiences a data breach, hackers learn about their customers or clients. These lists are then used to target potential victims with communications crafted to seem as if they originated from the compromised company. The best way to avoid being scammed by a spear phishing attack is to be able to recognize a fake message when it arrives. Additionally, avoiding opening attachments and not clicking on in-message hyperlinks will further your protection against spear phishing. To see examples of phishing attacks, visit phishtank.com.
The Internet is a dangerous place. Using it without taking precautions isn’t wise. Following my recommendations will reduce your potential exposure to attacks and exploits and will minimize your risk of being scammed. Good luck and be safe out there!