
Attack Vectors


ATTACK VECTORS?

Attack vectors are routes or methods used to get into computer systems, usually for nefarious
purposes. They take advantage of known weak spots to gain entry. Many attack vectors take
advantage of the human element in the system, because that's often the weakest link.

Don't confuse attack vectors with payloads. A virus is often the attack vector as well as
carrying the payload. A worm is always the attack vector, and could carry a virus as the
payload. More often it's some other form of malware. Trojan horses are always payloads, as
are spyware, dialers, hijackers, etc.

Ordinary virus attacks have been declining. The bad news is that serious hostile software
writers have moved on to more detrimental attacks, such as installing Trojan-horses and
spyware. The number of these attacks has increased, and most of the attack vectors described
below have been used to pull them off.

EMAIL as an ATTACK VECTOR

Email attacks continue to advance in sophistication. Miscreants are combining their tricks
with the techniques of spammers to make their attacks more effective. Millions of messages
can be sent out in the hope that a large number of people will be duped. This story about a
fake Microsoft update is a good example.

Attachments (and other files) >>

Malicious attachments have been the primary attack vector for some time. They are being
overtaken by Web page (largely popups) trickery, but attachments are still a major threat.
Attachments make a simple, effective attack vector. They're designed to install malicious
code on your computer. The code could be a virus, Trojan-horse, spyware or any other kind
of malware. Attachments attempt to install their payload as soon as you open them. Your
internal defenses may protect you, but don't count on it.

Files that you download from questionable sources are also likely to contain malicious code.
There are even ways to include malicious code in music files or pictures. Infected
entertainment files spread mainly through file sharing networks and from dodgy Web sites.

Messages >>

Email messages themselves are also used as attack vectors, even though it's more common to
use attachments. The hostile content is embedded in the email message itself. Another trick is
to combine the two vectors, so that if the message doesn't get you, the attachment will.

Email provides a convenient delivery vehicle for deception. The target is the ignorance or
credulity of the computer user. This kind of malicious email does not attack the computer
itself. It attacks the user, who unwittingly initiates the attack.

The objective of deception can be either to initiate fraud directly, or to divert the user to a
Web site, where the actual attack takes place. It may ask you to reply with personal
information. It may offer something too good to be true. As soon as you take the action
you've triggered the message's hidden agenda. The best way to avoid these problems is to
delete bogus messages.

Email can be used to deliver hostile code directly though. The message may be in HTML
format, which means it's just like a Web page, and the results are the same as visiting a
malicious Web site directly. Reading the message, or simply viewing it in a preview screen
will immediately activate any hidden malicious content. You can defeat this kind of email by
setting up your email client (program) properly.

"Unsolicited commercial email" -- spam in other words -- is almost always an entryway for
scam, fraud, dirty tricks or malicious action. Any link that offers something *free* or
tempting is suspect. Acting on a spam message usually leads to an outcome that is
unpleasant. The stories on the bogus email page will help you learn what to look for.

DECEPTION >>

Deception is aimed at the user/operator as the vulnerable entry point. It's not just malicious
computer code that you need to watch out for. Fraud, scams, hoaxes and to some extent spam,
not to mention viruses, worms and such, require the unwitting cooperation of the computer's
operator to succeed.

Social engineering is the art of conning someone into doing something they shouldn't do, or
revealing something that should be kept secret. Virus writers incorporate social engineering
in spam to convince people to do stupid things, like opening attachments that carry viruses
and worms. They also use it on the phone to get passwords or other sensitive information.

Scams and fraud >>

Email and Web sites are the enabling vectors, but deception is the primary attack vector here,
since that's what makes scams and fraud work. Email and Web sites are often used in
conjunction to perpetrate fraud. The Internet is a natural breeding ground for scam artists
because it lends itself to anonymity.

Hoaxes >>

Hoaxes can damage email networks as much as real viruses, even though they don't attack
computers directly. Ignorance and credulity are the attack vector here. It's people who replicate
the malignant email that spreads and spreads. The exponentially growing number of
messages can easily swamp an email system.

HACKERS >>

The term hacker was originally a term of respect for computer experts who knew all about
computers, and could do *cool* things with them. Some hackers crossed over to the dark
side, and these villains were more properly known as "crackers". The distinction isn't often
made in the popular press, and it annoys some hackers, who like to think of themselves as
talented whitehats.

Hackers can be a formidable attack vector because, unlike ordinary malicious code, people
are flexible and they can improvise. Hackers use a variety of hacking tools, heuristics, and
"social engineering" to gain access to computers and online accounts. Once they're in they
may just vandalize, but more often they try to steal something, or install a Trojan-horse so
they can commandeer it for their own use.

Heedless guests >>

Has your computer ever been invaded by a guest user? It's easy to overlook that avenue of
destruction. You can do some things to block this activity, but backup is the only real
protection.

WEB PAGES >>

Web pages can be used as attack vectors too, particularly popup windows. They can be
rigged to do a number of things -- virtually anything that a malicious email attachment can
do. They take advantage of the power that modern browsers have to run code in several
programming languages -- Java, JavaScript, ActiveX and Microsoft Word macros, for example.
Your best defense is to stay away from risky websites -- gothic, warez, crackz, gamer, cheat
code, tres equis sites and things of that ilk.

Counterfeit Web sites are used to extract personal information from people. Here, they are an
enabling vector -- the actual attack vector is deception. Counterfeit websites look very much
like the genuine websites they imitate. You think you're doing business with someone you
trust. However, you're really giving your personal information, like your address, credit card
number and expiration date, to a rip-off artist. They're often used in conjunction with spam,
which gets people to visit the website in the first place.

Popup Web pages can install spyware, adware, hijackers, dialers or Trojans or other
scumware. They can install software that takes control of your browser and steers you where
they want you to go. They may even close your internet connection, and then make a very
expensive phone call using your modem. All of these things are larcenous at heart.

WORMS >>

Most worms are delivered as attachments, but there are new worms that attack other
networking vulnerabilities. Windows' DCOM vulnerability is a prime example. Any
kind of remote access service is likely to be vulnerable to this sort of worm. These worms
propagate without the need for humans to open attachments.

Email worms (often called viruses) have been the attack vector of choice on the Internet.
They're far more infectious than ordinary viruses because they do not rely on humans to
actively pass them on. All they need the human to do is open the attachment. If an
attachment carrying a worm is opened, it emails copies of itself to some or all of the people in
any address book it finds. Meanwhile, like other viruses, these worms can do something
destructive. More often, these email worms install spyware, Trojans or some other malware.
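One way to spot the fan-out an address-book worm produces, as an added example that is not part of the original article: a detector that runs over a constructed outbound-mail log (the log format, the addresses and the hash values are all assumed) and flags any sender whose single attachment reaches many distinct recipients within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed outbound-mail log (an assumed format, not a real MTA's): one message per line.
# alice's machine sends one attachment to six address-book entries within seconds (worm-like);
# dave and erin show ordinary traffic. Hash values are made-up placeholders.
LOG = """\
2004-01-26T08:00:01 from=alice@example.com to=bob@example.com attach=photo.zip hash=aa11
2004-01-26T08:00:01 from=alice@example.com to=carol@example.com attach=photo.zip hash=aa11
2004-01-26T08:00:02 from=alice@example.com to=dave@example.com attach=photo.zip hash=aa11
2004-01-26T08:00:02 from=alice@example.com to=erin@example.com attach=photo.zip hash=aa11
2004-01-26T08:00:03 from=alice@example.com to=frank@example.com attach=photo.zip hash=aa11
2004-01-26T08:00:03 from=alice@example.com to=grace@example.com attach=photo.zip hash=aa11
2004-01-26T08:05:00 from=dave@example.com to=bob@example.com attach=report.pdf hash=bb22
2004-01-26T08:05:01 from=dave@example.com to=carol@example.com attach=report.pdf hash=bb22
2004-01-26T09:00:00 from=erin@example.com to=bob@example.com attach=a.pdf hash=cc33
2004-01-26T09:00:01 from=erin@example.com to=carol@example.com attach=b.pdf hash=dd44
"""
LINE = re.compile(r"^(\S+) from=(\S+) to=(\S+) attach=(\S+) hash=(\S+)$")

def parse(log):
    """Turn log lines into (timestamp, sender, recipient, hash) tuples; skip malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(5)))
    return events

def find_mass_mailers(events, min_recipients=5, window_s=60):
    """Flag (sender, attachment hash) pairs that reached min_recipients distinct
    addresses within window_s seconds: the fan-out pattern of an address-book worm."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, h in events:
        by_key[(sender, h)].append((ts, rcpt))
    hits = {}
    for key, items in by_key.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct recipients reached in the window that opens at this event.
            seen = {r for ts, r in items[i:] if (ts - start).total_seconds() <= window_s}
            if len(seen) >= min_recipients:
                hits[key] = sorted(seen)
                break
    return hits

def detect(log=LOG):
    """Run the detector over a log and return the flagged (sender, hash) pairs."""
    return find_mass_mailers(parse(log))
```

Legitimate mass mailings (newsletters, a report sent to a team) will also trip this, so the threshold and window are tuning knobs, not a verdict.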

System worms take advantage of security holes in remote access services. These worms
propagate without the need for humans to open attachments. The Windows DCOM
vulnerability is a prime example. There's no "attachment" -- they are self activated. When
they find a vulnerable computer they go to work to replicate themselves.

Many of these system worms install Trojan-horses. First, they may disable any anti-Trojan
software they find, and then install the Trojan, which is the primary payload. Next they begin
scanning the Internet from the computer they've just infected, looking for other computers to
infect. If the worm is successful it propagates rapidly. The worm owner soon has thousands
of "zombie" computers to use for more mischief.

Anti-Trojan software is no protection at all against worms like this (because they disable it).
You must stop these worms at some point before they're activated if you want to protect your
computer. In most cases a firewall will block system worms, or you can disable the
vulnerable service.

OTHER ATTACK VECTORS

Macros

Many documents -- those used by Word and Excel, for example -- allow macros. A macro
does something like automate a spreadsheet, for example. The problem is that macros can
also be used for malicious purposes. They can attack your computer directly. Keeping your
software patched and running anti-virus programs are the best defenses against malicious
macros. You can get malicious macros from anybody. All it takes is for them to have gotten
one themselves.
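As an added example (not from the original article), a read-only triage of Office attachments that checks the ZIP container for an embedded VBA project before anyone opens the file; the sample documents are constructed in memory, and the OLE signature check only sets legacy binary formats aside for a deeper parser.

```python
import io
import zipfile

# Modern Office files (.docx, .docm, .xlsx, .xlsm, .pptm ...) are ZIP containers; a document
# that carries VBA macros stores them in a part named vbaProject.bin (e.g. word/vbaProject.bin).
# Listing the ZIP directory is read-only: nothing inside the document is executed.
MACRO_PART = "vbaproject.bin"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls container signature

def has_vba_project(data):
    """True if the OOXML container embeds a VBA project, whatever the file extension says."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(name.lower().endswith(MACRO_PART) for name in zf.namelist())

def triage(data):
    """Classify attachment bytes as 'macro', 'clean', 'legacy-ole' (needs a deeper
    parser such as oletools' olevba) or 'unknown'."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return "macro" if has_vba_project(data) else "clean"
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    return "unknown"

def build_doc(parts):
    """Construct a minimal OOXML-like ZIP in memory (sample input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for name in parts:
            zf.writestr(name, b"")
    return buf.getvalue()

# Constructed samples; the extension is deliberately not trusted, only the container is.
SAMPLES = {
    "report.docx": build_doc(["word/document.xml"]),
    "invoice.docm": build_doc(["word/document.xml", "word/vbaProject.bin"]),
    "notes.docx": build_doc(["word/document.xml", "word/vbaProject.bin"]),  # renamed to look harmless
    "budget.xlsm": build_doc(["xl/workbook.xml", "xl/vbaProject.bin"]),
    "memo.doc": OLE_MAGIC + b"\x00" * 24,
    "readme.txt": b"plain text",
}

def scan(samples=SAMPLES):
    """Return {filename: verdict} for every sample."""
    return {name: triage(data) for name, data in samples.items()}
```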

Instant messaging, IRC (Internet Relay Chat) and P2P file-sharing networks

These three Internet services rely on cozy connections between your computer and other
computers on the Internet. If you use them, the special software you install makes your
machine more vulnerable to hostile exploits. Several have already emerged, and they're
bound to become more aggressive with time. Just as with email, the most important thing to
be wary of is attachments and website links.
http://www.pcworld.com/news/article/0,aid,115837,00.asp

It's safer to just stay away from any of these services. However, you can defend your machine
against these vectors. Antivirus, anti-Trojan and anti-malware software helps. Special
blocking software has begun to appear.
http://reviews.cnet.com/4520-3513_7-5021265-1.html -- news
http://www.instantmessagingplanet.com/security/article.php/3086291 -- news
http://www.instantmessagingplanet.com/security/article.php/2208441 -- news
http://www.securityfocus.com/infocus/1657 -- overview
http://www.informationweek.com/story/IWK20010927S0021 -- AOL and MSN instant messaging
http://www.pcworld.com/news/article/0,aid,111941,00.asp -- IMsecure blocking software

Trojan-horses

Trojans hide themselves from the user, and provide a back door that enables remote control
of the computer. The Trojan itself is just a payload that can come in on any attack vector, for
example a hacker.

However, some Trojans are used as attack vectors themselves. For example, a hacker can use a
computer that is infected by a Trojan to attack other computers. This lets the hacker hide their
computer behind the infected computer.

Spyware, adware, dialers, hijackers and such

Like viruses, these agents are payloads, not attack vectors. They can be installed by foistware,
attachments, email or Web pages, which are the actual attack vectors.

Foistware (sneakware)

Foistware is a new term for software that surreptitiously adds hidden components to your
system. The term is used to differentiate the kind of sneak installation done by
commercial software from classic Trojan horse installations, which are usually done with
attachments, worms or hackers/crackers. Spyware is the most common form of foistware.

Foistware is quasi-legal, seductive software bundled with unwanted software. The bait is
dangled to induce an "impulse install". This bait element of the bundle is the attack vector.
The bait's job is to foist the malware on you. When you install the bait, the sneak software is
also installed without your knowledge. The sneak software usually spies and/or hijacks your
browser and diverts you to some "revenue opportunity" that the foister has going.

Viruses

Strictly speaking, viruses are not an attack vector in my view. They're malicious computer
code. That makes them a payload. The main attack vector for viruses was originally infected
floppy disks, but now the vectors include email attachments, downloaded files, worms and
more.
