Friday, November 30, 2007

Peek? Peek? Peek a boo!

Last weekend I got to play a rousing game of "peek a boo" with my 2-year-old, cute-as-a-button niece. My kids are a little older now, so I had forgotten how kids believe that if they cover their eyes, I'm not there.

Hmm, sounds familiar.

A few people I’ve spoken to lately don’t know much about internet attacks, or even whether they have a firewall set up – but since they don’t see the attacks, they figure the hackers out there will somehow not get them. There is a little truth to the idea of 'security via obscurity', but ...

Boo!

I’ve read that over 75% of households surveyed thought they had “good” protection against viruses, spam, etc. Of these, only 30% were adequately protected. Most were using whatever came with the computer when it was purchased – and may or may not have been installing the updates.

Here’s a flow of events to think about:
Day 0. A researcher publishes a newly discovered “hole” in a device (PC, iPhone, game console) that someone could take advantage of.
Day 1. Anti-virus (AV) company begins work to plug this hole.
Day 2. Badguys also begin work to take advantage of this hole.
Day 3. AV company publishes fix.
Day 3. Badguys release code to take advantage of it.

In this scenario, if you’re using a reasonable protection scheme that’s updated automatically, you should be OK.

But what if the Badguys take advantage of a hole before the AV companies are ready for them? That’s called a Zero-Day attack.

Here’s one described:

The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.
The SANS ISC (Internet Storm Center) said in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC incident handler tracking the attack.
When the .doc attachment is opened, it exploits a previously unknown vulnerability in Microsoft Word and infects a fully patched Windows system. The exploit functioned as a dropper, extracting and launching a Trojan that immediately overwrites the original Word document with a "clean," uninfected copy.

"As a result of the exploit, Word crashes, informs the user of a problem, and offers to attempt to re-open the file. If the user agrees, the new 'clean' file is opened without incident," the ISC explained.
