Ten Ways to Dodge CyberBullets, Part 5

This is the fifth post in a series updating the top 10 things people can do to protect themselves against malicious activity, a list we provided to our clients two years ago.

5. Trust people, not addresses

Don’t trust unsolicited files or embedded links, even from friends.

It’s easy to spoof email addresses, for instance, so that email appears to come from someone other than the real sender (who/which may in any case be a spam tool rather than a human being). Basic SMTP (Simple Mail Transfer Protocol) doesn’t validate the sender’s address in the “From” field, though well-secured mail services do often include such functionality.

On some older systems, it is possible to send email using someone else’s address, a trick that’s easily performed using telnet and an unsecured mail server, especially when you’re on the same network. Sometimes you can identify the real sender immediately by his IP address, but the nature of the 21st century Internet means that there are many ways of concealing such information, if you really want to stay hidden.

It’s also possible for mail to be sent from your account, without your knowledge, by malware, though malware that works in this way is far rarer than it used to be. It’s far more effective for a spammer to hire the services of a bot herder nowadays, and malware that manages to infect your system doesn’t have to use your mail account or client software to send spam, scams and malware on to other victims.

Bot herders are hackers who use automated techniques to scan specific network ranges and find vulnerable systems, such as machines without current security patches, on which to install their bot program. The infected machine then becomes one of many zombies in a botnet and responds to commands given by the bot herder, usually via an Internet Relay Chat channel. One of the new bot herders is Conficker.

There are also many ways to disguise a harmful link so that it looks like something quite different, whether it’s in email, chat or whatever. The disguising of malicious links in phishing emails so that they appear to go to a legitimate site has obliged developers to reengineer browsers to make it easier to spot such spoofing.

However, too many people forget to make use of elementary precautions such as passing the mouse cursor over the link so that the real link shows up. In any case, it’s not always easy to tell a genuine site from a fake one just from the URL, even if the URL is rendered correctly. (Early phishing emails tended to rely on exploiting bugs in popular browsers to hide the real target link.) DNS cache poisoning, for instance, allows an attacker to redirect a web query to an IP address under his control.


About SCB Enterprises
System Solutions and Integration
