Malware: Threats and Risks – What You Can Do About It, Part 2
In Part 1, we discussed the definition of malware; provided an example of how easy it is to get malware onto your computer; and detailed several caveats on proactive steps to take and also what to look for to avoid being victimized.
This post focuses on email issues that could cause damage. Every day we see links into spam emails; the email per se may be clean; it may just be spam and not necessarily malware infected but it contains a link (with the name of the link masked). Here’s a recent sampling – an email contained a link presumably to a downloadable PDF file, when in reality, the actual (embedded) link would send us to a web server hosted in India. Naturally, we didn’t click through to see what awaited on the other side but this is yet another example of how hackers can mislead users into clicking on something thus causing harmful code to be downloaded and installed.
At first look, these emails generally look official and realistic – they may appear to be coming from the U.S. Internal Revenue Service; another may state that your wire transfer was ‘blocked by the Federal Reserve‘; and the list goes on. Furthermore, they’re often seasonal: case in point being the IRS look-alikes which tend to be distributed after April 15th for obvious reasons.
You may also have seen emails allegedly coming from your ‘bank’ requesting that you verify a transaction and/or personal information. By clicking on the email, you’ll either cause something to be installed on your machine; or you’ll be redirected to a web site that looks remarkably similar to your bank BUT it is actually a reproduction hosted on a rogue server and the sensitive data you’ll be asked to enter can (and will) be used to quickly steal a lot of personal financial information.
Last year, we all heard about the RSA breach (http://www.nytimes.com/2011/06/08/business/08security.html?pagewanted=all). This entire series of events was started by an employee clicking on a link in an email that appeared legitimate. This case was different because the hackers launched a very focused attack – the email seemed incredibly genuine; the user clicked; and a Trojan was downloaded. Said Trojan went to work, and stealthily downloaded a larger piece of code, which scoured the LAN for the specific information the hackers were after. But again, the whole thing started simply because someone clicked on a link they should have avoided!
For the most part, all of these email scams have one common agenda – to steal something be it personal data; corporate information; or customer particulars.
Part 3 will cover the various methods that malware can infect a network.
As always, if you have any questions, please contact me at pierluigi.stella@networkboxusa.com.