Internet Security Tips and Advice

Lurking Internet Dangers: What You Might Get Hooked With - Part 1

October 18th, 2005 by Igor Pankov

Overview

Alongside the obvious benefits brought by the Internet, many hidden risks exist that threaten the well-being of millions of computer users. In the present Security Insight edition, we’ll try to enumerate the most critical risks associated with being online and propose steps to confront these risks.

As the article was being written it grew too long for a single edition, so it is published in two monthly parts: the present one and the one that follows.

Threat #1: Outside Attack

This is one of the most common dangers. Just as connecting to the Internet allows you to access any other Internet address worldwide, so it also allows everyone else to access your system. While most personal computer users may think they have little reason to be attacked, in practice most attacks are either automatic probes (where a malicious individual scans a range of addresses looking for systems with a specific vulnerability) or result from malware (notably worms - programs which seek to spread from system to system).

While it is still the case that businesses are more attractive targets for skilled attackers, home users’ systems can, if hijacked, be used for a number of purposes including:

  • Sending spam (junk emails).
  • Launching attacks on websites (often as a form of blackmail on website owners).
  • Relaying data, normally to hide the true location of a website (especially one hosting illegal content such as child pornography).
  • Hosting illegal content directly.

To take control of a system, an attacker needs to make it run a program of his choosing (most likely by exploiting a vulnerability in Windows or in any other program that uses the Internet connection). If successful, this program will then typically remain active in the background, accepting commands from the attacker and reporting back on its status.

Not only have such attacks greatly increased in frequency (according to DShield.org, a website that collects attack data, an unprotected system will on average be compromised within 17 minutes of being connected), but the programs used have also increased in sophistication and become much harder to detect or remove.

Another type of external attack is the Denial of Service (DoS) attack. The aim here is not to take over a system but to disable it, either by sending network data crafted to crash it (malformed or out-of-range parameters, for example) or by sending so much data that the user's Internet connection is swamped.

A firewall discards unsolicited inbound data (data not sent in reply to a request your computer made), so it blocks almost all probes. If you run programs that must accept incoming connections (file-sharing software, any kind of server, voice-over-IP or videoconferencing), you will need to configure the firewall to permit them; in such cases restrict the permitted traffic as tightly as possible (to the specific port and, where you can, to the remote addresses that legitimately need access) to reduce the chance of an attack getting through. More recent firewalls can also detect and block DoS traffic before it affects your computer, but only the Internet Service Provider (ISP) can stop a line from being swamped by excess data, since that data has already crossed the line by the time your firewall sees it.

If you have a Local Area Network (LAN, wired or wireless) then it provides another route of attack, one that bypasses a firewall built into the router (such as those in many Internet routers), because traffic between machines on the LAN never passes through it. It is therefore important to ensure that every PC on that LAN is protected and that wireless networks in particular are secured against unauthorised access.

To prevent probes or outside attacks on your computer, the following should be done:

  • Install a firewall (either built into your router or as software on the PC) and ensure that it is properly configured (consider using a scan site such as "Shields Up!" at https://grc.com/x/ne.dll?bh0bkyd2 to test what your computer exposes to the Internet).
  • Apply all security updates for Windows and any other software you use.
  • If you have a wireless LAN, enable encryption so that outsiders cannot use it to reach your Internet connection or attack your computers. Do not rely on WEP (Wired Equivalent Privacy): design flaws in WEP let an attacker within radio range recover even a 128-bit key from captured traffic, so at best it delays a determined attacker. Use WPA2 (or WPA where your equipment does not support WPA2) with a long, random passphrase, and switch WEP off if the router offers both.
  • If you have a LAN of any type, consider installing a software firewall (such as Outpost) on each system (so that even if one system was hijacked, it could not be used to easily take over others).
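The rule described in the firewall paragraph above (accept replies to what you sent, drop everything else, and open only specific services to specific sources) can be seen in a few lines of Python. This is an added example written for this article, not code from Outpost or any other product; the hosts, ports and the hypothetical VoIP service are constructed sample data, and an old-style stateless filter is shown alongside to make clear why a connection table matters.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = sent by our PC, "in" = arriving from the Internet
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN without ACK: the packet that opens a new connection


# Services we deliberately expose (hypothetical: a VoIP phone on UDP 5060), each
# limited to the remote network that legitimately needs to reach it. 203.0.113.0/24
# is a documentation range standing in for the provider's address block.
ALLOW_INBOUND = [("udp", 5060, ipaddress.ip_network("203.0.113.0/24"))]


@dataclass
class StatefulFilter:
    my_ip: str
    conntrack: set = field(default_factory=set)  # flows our PC initiated

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            # Record the flow so that the reply is recognised as solicited.
            self.conntrack.add((p.proto, p.dst_ip, p.dst_port, p.src_port))
            return "accept"
        new_connection = p.proto == "tcp" and p.syn
        if not new_connection and (p.proto, p.src_ip, p.src_port, p.dst_port) in self.conntrack:
            return "accept"  # reply to something we sent
        for proto, port, net in ALLOW_INBOUND:
            if p.proto == proto and p.dst_port == port and ipaddress.ip_address(p.src_ip) in net:
                return "accept"  # explicitly opened service, from the permitted source only
        return "drop"  # unsolicited: a probe, a worm, or a "reply" to nothing we asked for


def stateless_decide(p: Packet) -> str:
    """Old-style packet filter with no connection table. To let DNS answers in at all,
    it must allow any UDP packet whose source port is 53, which an attacker can forge."""
    if p.direction == "out":
        return "accept"
    if p.proto == "udp" and p.src_port == 53:
        return "accept"
    return "drop"


def run_sample() -> dict:
    """Push constructed packets through both filters; returns {label: (stateful, stateless)}."""
    me = "192.168.1.10"
    fw = StatefulFilter(me)
    samples = [
        ("dns query out", Packet("out", "udp", me, 50000, "192.0.2.53", 53)),
        ("dns reply in", Packet("in", "udp", "192.0.2.53", 53, me, 50000)),
        ("smb probe in", Packet("in", "tcp", "198.51.100.7", 4444, me, 445, syn=True)),
        ("voip from provider", Packet("in", "udp", "203.0.113.10", 5060, me, 5060)),
        ("voip from elsewhere", Packet("in", "udp", "198.51.100.7", 5060, me, 5060)),
        ("forged src port 53", Packet("in", "udp", "198.51.100.7", 53, me, 137)),
    ]
    return {label: (fw.decide(p), stateless_decide(p)) for label, p in samples}


if __name__ == "__main__":
    for label, (stateful, stateless) in run_sample().items():
        print(f"{label:22} stateful={stateful:6} stateless={stateless}")
```

The stateless filter has to admit any UDP packet with source port 53 so that DNS answers get through, and an attacker simply sets that source port on a probe; the stateful filter accepts the answer only because it saw the query leave, and it admits the VoIP traffic only from the provider's block.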

Threat #2: Virus, worm or spyware infection

This problem has also greatly escalated over the last couple of years and can be split into several categories:

  • Adware - any software that displays advertising. Aside from being irritating, adware may slow down a system or cause conflicts with other software. Examples: Gator, WhenU.
  • Browser hijacker - this alters browser settings (e.g. adding a toolbar or changing the home page and search page in Internet Explorer) typically to redirect users to pay-per-click search engines or specific websites. May also modify Favorites/Bookmarks to add extra sites - often pornography related. Examples: CoolWebSearch, ISTBar.
  • Spyware - collects personal or private data either openly or surreptitiously. This can include websites visited, programs used, details of emails and other messages and even (in the worst cases) passwords and credit card details. Examples: MarketScore.
  • Dialer - uses the modem to phone a premium rate number. This used to be common with pornography sites as an alternative method of charging visitors (where the number would be used for a short time only while downloading content) but some dialers caused all further Internet access to be charged at premium rate. Does not affect users connecting via other means (e.g. DSL, satellite, cable). Examples: Haldex, SitelCon.
  • Worms and viruses - programs which spread from computer to computer and carry a payload that may include one or more of the above categories, or may destroy or alter data. Examples: MyTob, Netsky, Zafi.
  • Trojans - malware hidden within software that appears to be useful. Often used to take over machines (Remote Access Trojans) but can also include keyloggers (software that monitors keys typed, in order to capture passwords and credit card details). Examples: Optix, Bionet, Formglieder.
  • Rootkits - software that hides itself and associated malware (from one of the above categories) by modifying core Windows functions. This makes detection and removal far harder and may require a disk reformat and Windows reinstall. Examples: HackerDefender, FU.

The most likely methods of being infected by one of the above are:

  • Visiting a website that uses browser vulnerabilities (mostly with Internet Explorer) to download malware (known as "drive-by downloads").
  • Downloading and running a program that seems harmless (a screensaver, game or utility software) but which also includes malware. Adware is often mentioned in End User Licence Agreements so check these carefully before allowing software to install (or use software like EULAlyzer to check them).
  • Receiving and opening an infected file in an email attachment.

To reduce the risk of malware infection:

  • Never run files you don’t trust or whose source cannot be reliably verified (file-sharing networks, Usenet and Internet Relay Chat downloads are especially risky).
  • Disable ActiveX, Java and JavaScript by default, either in your browser (IE, Mozilla, Opera) or with a third-party utility (such as Outpost firewall's Active Content filter), and permit them only for sites you trust.
  • Use Opera or Firefox for web browsing instead of Internet Explorer. Aside from improved security, these browsers offer many usability enhancements (e.g. tabbed browsing, mouse gestures, fast search engine access) and both are free.
  • Install an anti-virus scanner and always keep it updated (daily if possible).
  • If you receive a file via email, always check it with a scanner before opening it. Even if it appears to come from a known source (friends, family, work colleagues) the sender address may have been spoofed, or their system may itself be compromised.
  • Be very cautious about visiting websites mentioned in spam emails. Many will try drive-by downloads as a means of spreading malware that benefits the spammer (either by giving them control over thousands of computers or spreading adware for which they can earn commission) and some may use new exploits not yet detected by anti-virus software.
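A concrete form of the "scan it first" and "never run files you don't trust" advice above, as an added example written for this article (not the author's code or any product's): it opens an e-mail, pulls out each attachment and judges it by its content signature as well as by its name, so a renamed executable or a double-extension trick is caught before the file is double-clicked. The message and its attachments are constructed sample data, and the extension and signature lists are deliberately short.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (kept short for the example).
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta", "cpl"}
# Decoy extensions seen in "photos.zip.scr" style names.
DECOY_EXT = {"jpg", "jpeg", "gif", "png", "pdf", "doc", "txt", "zip"}
# File signatures: Windows executables begin with "MZ", JPEGs with FF D8 FF, PDFs with %PDF.
MAGIC = {b"MZ": "windows executable", b"\xff\xd8\xff": "jpeg image", b"%PDF": "pdf"}


def identify(data: bytes) -> str:
    """Classify content by its leading bytes rather than by its name."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in EXECUTABLE_EXT:
        findings.append(f"executable extension .{ext}")
    if len(parts) > 2 and any(p in DECOY_EXT for p in parts[1:-1]):
        findings.append("double extension")
    kind = identify(data)
    if kind == "windows executable" and ext not in EXECUTABLE_EXT:
        findings.append(f"content is a Windows executable but the name claims .{ext or '(none)'}")
    return {
        "filename": filename,
        "sha256": hashlib.sha256(data).hexdigest(),  # hand this to your scanner or a lookup service
        "content_type_by_magic": kind,
        "findings": findings,
        "verdict": "block" if findings else "scan before opening",
    }


def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and triage every attachment in it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [
        triage_attachment(part.get_filename() or "(unnamed)", part.get_payload(decode=True))
        for part in msg.iter_attachments()
    ]


def sample_message() -> bytes:
    """Constructed sample: the From: header looks like a friend's address (headers are
    trivially forged) and three attachments are included."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Holiday photos :)"
    msg.set_content("Have a look at these!")
    mz = b"MZ\x90\x00" + b"\x00" * 60  # stand-in for a real executable (constructed bytes)
    # 1. named as a picture, but the content starts with the executable signature
    msg.add_attachment(mz, maintype="image", subtype="jpeg", filename="beach.jpg")
    # 2. double extension; Explorer hides the .scr part when known extensions are hidden
    msg.add_attachment(mz, maintype="application", subtype="octet-stream", filename="photos.zip.scr")
    # 3. a genuinely plain note
    msg.add_attachment(b"See you next week", maintype="text", subtype="plain", filename="note.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for r in triage_message(sample_message()):
        print(r["filename"], r["verdict"], r["findings"])
```

The SHA-256 of each attachment is returned so it can be checked against an anti-virus database before the file is ever opened; the verdict for a clean-looking attachment is still "scan before opening", not "safe", because a signature check only catches what it knows about.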

This concludes Part 1; in the upcoming part more threats will be explained, so please stay tuned.

Posted in Security Insight