Trojan Horses: How Can I Get Infected?

by Dancho Danchev
the author of "The Complete Windows Trojans Paper".

Via Attachments

I'm always amazed how many people get themselves infected by an attachment sent to their mailboxes. Most of these users are new to the Internet and are pretty naive. When they receive a mail containing an attachment and saying they will get free porn, free Internet access, etc., they run it without fully understanding the risks to their machines.

Check the following scenario: you know your friend Alex is a very skilled Visual Basic programmer. You also know he's coding his latest program, but you're curious what it is all about, and you wait for an e-mail from him with the attachment when he finishes coding the application. Yeah, but the person targeting YOU also knows that. The attacker also knows your friend's e-mail address. Then the attacker will simply code some program or get some freeware one, use some relaying mail server to fake the e-mail's FROM field and make it look like your friend's; Alex's e-mail address is alex@example.com, so the attacker's FROM field will be changed to alex@example.com and, of course, the mail will include the TROJANED attachment... You'll check your mail, see that Alex finally got his program ready and sent it, and you'll download and run it without thinking that it might be a trojan or something else, because, hey, Alex wouldn't do something like that to me, he's my friend. And you'll get yourself infected.

Information Is Power! Because the attacker knew you were waiting for some particular file and found Alex's e-mail address, he got you infected... choosing the right moment is what matters here. And it all happened just because you were naive, just because you saw alex@example.com in the FROM field, and just because you didn't check the mail headers to see that the mail came from some .jp mail server that relays e-mails and has been used by spammers for several months.
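The header check described above can be scripted. The following is an added example, not part of the original article: it compares the domain in the FROM field with the hosts named in the `Received:` headers, using a constructed message whose hostnames and addresses are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: addresses and hostnames are illustrative, not real traffic.
SPOOFED = """\
Received: from relay.example.jp (relay.example.jp [203.0.113.25])
\tby mx.recipient.example with SMTP; Mon, 02 Jan 2006 10:00:00 +0000
From: Alex <alex@example.com>
To: you@recipient.example
Subject: My program is ready

See the attachment.
"""
# Same message, but handed over by a host inside the sender's own domain.
LEGIT = SPOOFED.replace("relay.example.jp", "mail.example.com")


def sender_relay_check(raw):
    """Compare the FROM domain with the hosts listed in Received headers."""
    msg = message_from_string(raw)
    # parseaddr() splits "Alex <alex@example.com>" into (name, address).
    address = parseaddr(msg.get("From", ""))[1]
    from_domain = address.rpartition("@")[2].lower()

    relays = []
    for header in msg.get_all("Received", []):
        # Each hop records the peer it accepted the mail from: "from HOST ...".
        match = re.match(r"\s*from\s+(\S+)", header, re.IGNORECASE)
        if match:
            relays.append(match.group(1).lower().rstrip("."))

    # A relay "belongs" to the sender if it is the domain or a host under it.
    own = [h for h in relays
           if h == from_domain or h.endswith("." + from_domain)]
    return {
        "from_domain": from_domain,
        "relays": relays,
        "suspicious": bool(from_domain) and not own,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, sender_relay_check(raw))
```

A mismatch is a reason to look closer rather than proof of forgery, because many domains legitimately send through third-party mail providers. Only the `Received:` lines added by servers you trust are reliable, since earlier ones can be forged as easily as the FROM field.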

Many people got themselves infected by the famous "Microsoft Internet Explorer Update" sent directly to their mailboxes by the nonexistent Microsoft Updates Staff. I understand you felt great because Microsoft are paying attention especially to you and sent you the latest updates, but these "updates" are definitely trojans. Microsoft will NEVER send you updates of their software via e-mail, no matter that the FROM field you see is updates@microsoft.com; as you've noticed in the previous example, the FROM field could be and IS faked. If you ever notice some mail in your mailbox with a subject like "Microsoft IE Update" and such, delete it WITHOUT viewing or reading the e-mail, because some e-mail clients, like Outlook Express and others, have bugs that automatically execute the file attached to the e-mail WITHOUT you even touching it. As you can imagine, this is an extremely dangerous problem that requires you to always be up to date with the latest version of any software you're using.

© 2006 PC Flank Ltd. All rights reserved.