The Most Common Online Threats

...

The Most Common Online Threats:

Computer Viruses:
A computer virus is malicious code that attaches itself to a legitimate program or document and runs whenever that host is opened, copying itself into other files on the machine. Unlike a worm, it needs a host file and usually a user action to start. According to one survey, about 33% of household computers are affected by some form of malware, more than half of which are viruses. 

E-mail Viruses: 
They travel as an attachment to an e-mail message and usually replicate by mailing themselves to every contact in the victim's address book. Some do not even need the attachment to be double-clicked: older mail clients rendered HTML and scripts in the preview pane, which was enough to launch them. They also spread through downloads and links posted on social media. 

What Damage Can Viruses Cause?

  • Damage data or software on the computer.
  • Display a political or false message.
  • Consume memory or disk space. 
  • Slow down the system.
  • Change all the file names to a single name.

Example:
In the spring of 1999, a man named David L. Smith created a computer virus implemented as a Microsoft Word macro and built to spread through e-mail messages. Smith named the virus "Melissa," saying that he named it after an exotic dancer from Florida [source: CNN].

Rather than shaking its money-maker, the Melissa computer virus tempts recipients into opening a document with an e-mail message like "Here is that document you asked for, don't show it to anybody else." Once the macro runs, the virus replicates itself and mails itself to the first 50 entries in the recipient's e-mail address book.

The virus spread rapidly after Smith unleashed it to the world. The United States federal government took a close interest in Smith's work: according to statements made by FBI officials to Congress, the Melissa virus "wreaked havoc on government and private sector networks" [source: FBI]. The surge in e-mail traffic forced some companies to shut down their e-mail systems until the virus was contained.

What are the Signs of a Computer Virus?
A computer virus infection can produce a variety of symptoms, including:

  • Frequent pop-up windows: Pop-ups may encourage a user to visit unusual sites or to download software.
  • Changes to your homepage: The usual homepage may change, and you may be unable to reset it.
  • Unknown programs start up when you turn on the computer.
  • Unusual activity such as password changes: You may find yourself locked out of the computer or of online accounts.
  • Mass e-mails sent from your account: An attacker who has taken over the account uses it to mail others. 
  • Frequent crashes: A virus may cause the device to freeze or crash. 
  • Unusually slow performance: A sudden drop in processing speed.

How to Prevent E-mail Viruses?

  • Use a reputable e-mail provider such as Proton Mail. Such providers offer higher levels of security and support, including filtering of malicious attachments.
  • Keep an up-to-date anti-virus on the computer. Automatic updates are crucial, because signatures age quickly. 
  • Be suspicious of graphics and media attachments, not only of documents.
  • Don't open an e-mail attachment unless you expect it and know the sender personally. 
  • Never open files with a double extension, e.g. filename.txt.vbs; this is a classic sign of a virus. Note that Windows hides known extensions by default, so such a file may be displayed simply as filename.txt.
  • Don't send or forward any file that you haven't checked for viruses first.
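The attachment rules above can be automated. The following is an added example, not code from the original page: a small scanner that parses an e-mail message with Python's standard email library and flags attachments with a double extension (filename.txt.vbs), an executable extension, a macro-enabled Office format or an archive. The extension lists and the sample message are this example's own assumptions; the message is constructed inline in the style of the Melissa lure and is not a real capture.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension lists are this example's assumptions: a starting point, not an exhaustive list.
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
                  "wsf", "wsh", "hta", "ps1", "jar", "msi", "lnk", "reg"}
MACRO_OFFICE_EXT = {"docm", "xlsm", "pptm", "dotm", "xltm"}
ARCHIVE_EXT = {"zip", "rar", "7z", "iso", "img"}
HARMLESS_LOOKING = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "gif"}


def assess_filename(name):
    """Return a list of reasons an attachment name looks dangerous (empty = nothing found)."""
    findings = []
    parts = name.lower().split(".")
    if len(parts) < 2:
        return findings
    ext = parts[-1]
    if ext in EXECUTABLE_EXT:
        findings.append(f"executable extension .{ext}")
    if ext in MACRO_OFFICE_EXT:
        findings.append(f"macro-enabled Office document .{ext}")
    if ext in ARCHIVE_EXT:
        findings.append(f"archive .{ext} can hide any of the above")
    # The classic filename.txt.vbs: a harmless-looking extension followed by the real one.
    # Windows hides known extensions by default, so the user sees only "filename.txt".
    if len(parts) >= 3 and parts[-2] in HARMLESS_LOOKING and ext not in HARMLESS_LOOKING:
        findings.append(f"double extension .{parts[-2]}.{ext}")
    # Runs of spaces push the real extension out of view in narrow file lists.
    if "   " in name:
        findings.append("padding spaces hide the real extension")
    return findings


def scan_eml(raw_message):
    """Parse an RFC 5322 message and return {attachment name: [findings]} for risky attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings = assess_filename(name)
        if findings:
            report[name] = findings
    return report


def build_sample_eml():
    """Constructed sample message (not a real capture) in the style of the Melissa lure."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = "Here is that document you asked for"
    msg.set_content("Don't show it to anybody else.")
    msg.add_attachment(b"fake script body", maintype="application", subtype="octet-stream",
                       filename="notes.txt.vbs")
    msg.add_attachment(b"%PDF-1.4 fake", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"PK fake archive", maintype="application", subtype="zip",
                       filename="report.zip")
    msg.add_attachment(b"fake macro document", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="budget.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_eml(build_sample_eml()).items():
        print(name, "->", "; ".join(reasons))
```

The scanner judges only the file name; a real mail gateway would also inspect the content (file type magic, macros inside Office files, contents of archives), since an attacker can rename anything.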

Rogue Security Software:
Rogue security software is a form of internet fraud: malicious programs, or fake alerts, that mislead users into believing their device has already been compromised, that viruses or malware are installed, or that their security measures are out of date. They exploit the user's fear to push them into actions that are not in their best interests. 

The fraudster then either asks you to download their program to remove the alleged malware, which installs real malware, or asks you to pay for a tool to fix the problem, which leads to both a malware infection and a financial loss. 

An example is the website http://geektyper.com, which a scammer may use to convince the victim that experts are removing the malware. In reality it is a pre-programmed page that displays the same canned output regardless of which keys are pressed. Similar websites are used to reassure the victim that a genuine company is diligently doing its work. 

Such scams often target people abroad, with the caller claiming to be a support expert from a blue-chip company such as Microsoft, HP or Google.  

Trojan Horse:
The Trojan horse takes its name from the legend of the Trojan War, traditionally dated to the 12th century BC: Paris, a prince of Troy, eloped with Helen, queen of Sparta, and the Greek kingdoms went to war against the city of Troy. They besieged it for ten years but could not take it, since Troy was very well fortified. 

As a last resort the Greek army pretended to retreat and left behind a huge hollow wooden horse. The Trojans took it for an offering and dragged it inside their city. Some of the best Greek soldiers were hiding inside it; during the night they climbed out, opened the gates of Troy and, with the rest of the army, sacked and destroyed the city. 

Like the wooden horse, a computer Trojan appears to be a useful program while performing hidden malicious activity. Most try to sneak past the computer's defences, such as the firewall, anti-virus and anti-malware, by camouflaging themselves as software with useful functionality. Attackers use Trojan horses to:

  • Manipulate files or source code
  • Log keystrokes 
  • Delete files covertly 
  • Change file names 
  • Install further malware 
  • Slow down the system 
  • Hijack the webcam and microphone
  • Steal sensitive data

The main goal of Trojan horse is to disguise the malicious software so that the victim does not realize the dangers. 

Types of Trojans:
The most common types of Trojans are:  

  • Remote Administration Trojans (RATs)
  • Password Trojans
  • Privilege-escalation Trojans
  • Key loggers
  • Joke programs
  • Destructive Trojans

The name of the Trojan itself gives an idea of the purpose of the Trojan. 

Example:
In May 2002, monkey.org, a website that distributed security and hacking tools, was compromised. The attackers modified the tools the site distributed so that they installed a Trojan horse on the machines of users who downloaded them. 

Adware and Spyware:
Google tracks its users not only on its search engine but across all its other products such as YouTube and Android. Google trackers are also present on about 75% of the top million websites, and Google Analytics, which site owners use to learn about their visitors, feeds that information back to Google. 

Similarly, Google runs three of the largest non-search ad networks: AdSense, AdMob and DoubleClick. Such ads are not only annoying but can be manipulative: profiles built from this kind of tracking can be used to charge people different prices, for example airline fares that vary with how urgently the customer appears to need the flight.

In a nutshell, "adware" is software designed to track browsing habits in order to show targeted advertisements and pop-ups. Most adware collects data legally, with consent: the adware clause is often buried in the user agreement. It is a legitimate source of income for companies that let users run their software or app for free with advertising enabled. Still, it erodes privacy and may slow the computer down. 

One partial solution is to actually read the terms and conditions, which the free website https://tosdr.org makes easier: it summarises sites' terms and privacy policies and rates them from very good to very bad.  

Another is to use a free privacy add-on such as uBlock Origin, available for Google Chrome and Mozilla Firefox. It is one of the best-known privacy-enhancing extensions: it blocks trackers, advertisements and malicious scripts using filter lists, and lets you allow or block any or all scripts per site. Unlike AdBlock Plus, it does not whitelist so-called "acceptable ads". 

URL: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

Spyware works similarly to adware but is installed covertly and hides from the user. It can record personal information such as login credentials and financial information such as credit card details. This data may then be used for identity theft, unauthorised transactions, impersonation and so on.   

Computer Worms:
Worms spread by exploiting vulnerabilities in the operating system or in network services, without needing a host file or any user action; this ability to replicate itself onto other computers on its own is what distinguishes a worm from a virus. The scanning and replication traffic consumes bandwidth and overloads servers, and a worm may also carry a "payload" that damages the host computer. 

Computer Worm Examples:
Computer worms have caused billions of dollars in damages over the past decade.

Stuxnet worm:
Stuxnet is a computer worm discovered in June 2010. It is widely reported to have been created by the United States and Israel, as part of a top-secret cyber programme codenamed "Olympic Games", to sabotage Iran's uranium enrichment programme. It spread through USB drives and Windows vulnerabilities and then reprogrammed the Siemens industrial controllers driving the centrifuges at the Natanz enrichment plant. The worm is estimated to have destroyed about 984 centrifuges around 2009-2010, setting back Iran's enrichment capability by about two years.

Flame worm:
Flame was discovered in May 2012 and is regarded as one of the most sophisticated pieces of malware ever found. Its code shares components with Stuxnet, and like Stuxnet it is believed to be part of a state-sponsored cyber programme. Whereas Stuxnet was built for sabotage, Flame appears to have been built purely for espionage: it records keystrokes, screenshots, audio and network traffic and can spread across a local network or via USB. It has infected thousands of computers since its deployment, mostly in Iran and other Middle Eastern countries.

DoS and DDoS attacks:

A Denial of Service attack floods a server with more requests than it can process. The server crashes or stalls, denying the service to its legitimate users. Typically the attacker saturates the victim machine with connection requests so that it cannot respond to legitimate traffic, or responds so slowly that it is effectively unavailable. 

DoS attacks are intended to cause financial loss to a business or to obstruct communication between the victim and its users. 

A Distributed Denial of Service attack is a variant in which the traffic comes from many geographically spread machines, from a handful to millions or more. Many of them are computers compromised by malware and enrolled in the attacker's network; such a network of compromised computers is called a botnet. Because the traffic arrives from many IP addresses at once, a DDoS attack is far harder to trace and to filter. 

A target cannot stop an attacker from launching such an attack; what it can control is how well the service absorbs it. Volumetric floods need upstream filtering or a scrubbing service. Application-layer attacks such as Slowloris, which ties up a server by opening many connections and sending the request headers a few bytes at a time, can be contained by terminating client connections at an event-driven reverse proxy such as NGINX configured with short header and body timeouts and per-IP connection limits. 
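To make the Slowloris mitigation concrete, here is an added example (not code from the original page or from any particular proxy product): a minimal asyncio HTTP responder that applies the two controls a reverse proxy would apply, a deadline for completing the request headers and a per-IP cap on open connections. The demo runs a well-formed client and a Slowloris-style client that never sends the blank line ending its headers, and shows the second being cut off with a 408. The timeout and limit values are assumptions chosen for the demo.

```python
import asyncio
from collections import Counter

# Demo settings (assumptions for this example; production values will differ).
HEADER_TIMEOUT = 0.5      # seconds a client gets to finish sending its request headers
MAX_CONN_PER_IP = 50      # cap on simultaneous open connections from one source address


class SlowlorisResistantServer:
    """Minimal HTTP/1.1 responder with the two controls a reverse proxy applies
    against Slowloris: a deadline for completing the request headers and a
    per-IP cap on concurrent connections."""

    def __init__(self, header_timeout=HEADER_TIMEOUT, max_conn_per_ip=MAX_CONN_PER_IP):
        self.header_timeout = header_timeout
        self.max_conn_per_ip = max_conn_per_ip
        self.open_per_ip = Counter()
        self.dropped = 0  # connections refused or closed for being too slow or too many

    async def handle(self, reader, writer):
        ip = writer.get_extra_info("peername")[0]
        if self.open_per_ip[ip] >= self.max_conn_per_ip:
            self.dropped += 1          # refuse: this address already holds too many sockets
            writer.close()
            await writer.wait_closed()
            return
        self.open_per_ip[ip] += 1
        try:
            try:
                # A real browser sends the blank line that ends the headers at once;
                # a Slowloris client keeps trickling partial header lines forever.
                await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), self.header_timeout)
            except (asyncio.TimeoutError, asyncio.IncompleteReadError, asyncio.LimitOverrunError):
                self.dropped += 1
                writer.write(b"HTTP/1.1 408 Request Timeout\r\nConnection: close\r\n\r\n")
                return
            writer.write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
        finally:
            self.open_per_ip[ip] -= 1
            try:
                await writer.drain()
            except ConnectionError:
                pass
            writer.close()

    async def serve(self, host="127.0.0.1", port=0):
        return await asyncio.start_server(self.handle, host, port)


async def _client(host, port, request):
    """Send `request`, read until the server closes the socket, return the status code."""
    reader, writer = await asyncio.open_connection(host, port)
    writer.write(request)
    await writer.drain()
    data = await reader.read(-1)
    writer.close()
    await writer.wait_closed()
    return data.split(b" ", 2)[1] if data else b""


async def demo():
    srv = SlowlorisResistantServer()
    server = await srv.serve()
    host, port = server.sockets[0].getsockname()[:2]
    complete = b"GET / HTTP/1.1\r\nHost: demo\r\n\r\n"         # well-formed request
    slowloris = b"GET / HTTP/1.1\r\nHost: demo\r\nX-a: b\r\n"   # headers never terminated
    ok, slow = await asyncio.gather(_client(host, port, complete),
                                    _client(host, port, slowloris))
    server.close()
    await server.wait_closed()
    return {"complete": ok, "slowloris": slow, "dropped": srv.dropped}


def run_demo():
    return asyncio.run(demo())


if __name__ == "__main__":
    print(run_demo())   # {'complete': b'200', 'slowloris': b'408', 'dropped': 1}
```

The same idea in NGINX terms is a short client_header_timeout and client_body_timeout plus a limit_conn zone keyed on the client address; the point is that the proxy, not the application server, spends the resources on the half-open connections and gives them up quickly.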

Phishing:
Phishing is an attempt to obtain sensitive information such as usernames, passwords and credit/ debit card details by disguising oneself as a trustworthy entity in an electronic communication.

Phishing often involves email spoofing or instant messaging, directing users to enter sensitive personal information at a fake website, in the control of fraudsters. 

Modus Operandi:
Generally, a phishing attack seeks victim to – 

  • Hand over sensitive personal information: Such information includes user names and passwords, credit card details, Aadhaar numbers etc. An example would be an e-mail sent to millions of people claiming that their loan has been approved. By spamming, the attackers ensure that at least some recipients will click the link and enter their login credentials for the attackers to harvest.
  • Download malware: These phishing attacks aim to infect the victim's computer with malware, which is often embedded in .zip files or MS Office documents sent to the potential victims.  

How to Prevent Phishing Attacks:

Check the URL: 

Checking the URL is the single most reliable check, though not a foolproof one. A fraudulent site can copy the look and feel of the real one, but short of a DNS hijack or a compromised site it cannot serve pages under the real site's registered domain. Attackers therefore rely on deviations that are easy to miss: a misspelt domain (paypa1.com), the brand placed in a subdomain of a domain they own (paypal.com.secure-login.net), a lookalike character from another alphabet, or the brand name placed before an "@" sign so that it is not the host at all. Always read the domain in a link carefully, hover over it to see where it really points, and never enter sensitive information on a page reached from an e-mail link; type the address yourself instead. 

Grammar and Punctuation checks:

Professional organisations proofread their mail, so poor grammar, odd punctuation, spelling errors or an illogical flow of content are strong hints that the message was written by a scammer. The reverse does not hold: targeted (spear) phishing is often flawlessly written, so good grammar is not proof of legitimacy. 
 
Seeking Personal Information:
Reputable sites never ask for confidential information by e-mail. Any e-mail asking you to enter or verify personal or bank details such as credit card information is most likely phishing. 

Alarming Content – Warnings, Deadlines etc:
Phishing messages rely on social engineering. Attackers send alarming messages such as "your account has been hacked", "your account is expiring" or "enter your card details or your account will be frozen" to put you in panic mode. Such messages are meant to create a sense of urgency and force you into immediate action that is not in your best interests. 

Offering Large Financial Rewards:
Such phishing attacks claim that you have won a lottery that you might not even have participated in, won large prize money in a contest that you have never enrolled for etc. The intention is to redirect you to a phishing site to harvest login credential or financial information. 

Watch out for Shortened Links:
Shortened links hide the website's real name and hence are frequently used by scammers. Using shortened links, attackers redirect the victim to a fraudulent website that captures sensitive information. Hover over the link to see whether the browser or mail client previews the destination, and use a service such as CheckShortURL to expand the link and learn which site you are really being sent to before you click. 
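The URL checks described under "Check the URL" and "Watch out for Shortened Links" can be written down as a small link checker. The following is an added example and not code from the original page: it flags plain HTTP, raw IP addresses, the "brand@realhost" trick, punycode or non-ASCII hosts, the brand name appearing inside a domain you do not own, one-character lookalikes of the brand, and known link shorteners. The allowlist of genuine domains is a constructed assumption, and the "last two labels" rule for the registrable domain is a simplification that a real tool would replace with the Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of the real domains of organisations you deal with (demo assumption).
KNOWN_DOMAINS = {"paypal.com", "examplebank.com"}
# Hosts of common link shorteners; a shortened link must be expanded before it is trusted.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}


def levenshtein(a, b):
    """Edit distance; used to catch one-character lookalikes such as paypa1 vs paypal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Naive 'last two labels' rule (assumption). Real code should use the Public Suffix
    List so that hosts under multi-part suffixes such as .co.uk are handled correctly."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_url(url):
    """Return a list of warnings about a link; an empty list means no red flag was found."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname
    if not host:
        return ["no host in URL"]
    if parts.scheme != "https":
        findings.append("not HTTPS")
    if parts.username is not None:
        # https://paypal.com@evil.example/ : everything before '@' is userinfo, not the host
        findings.append(f"userinfo trick: '{parts.username}' before '@' is not the host")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a domain name")
        return findings
    except ValueError:
        pass
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        findings.append("internationalised/punycode host: possible homograph of a real domain")
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        findings.append("link shortener: expand it before trusting the destination")
        return findings
    if reg in KNOWN_DOMAINS:
        return findings            # genuine domain: only the scheme/userinfo checks apply
    for brand in (d.split(".")[0] for d in KNOWN_DOMAINS):
        if brand in host:
            # paypal.com.secure-login-check.net: the brand sits in a subdomain of another domain
            findings.append(f"brand '{brand}' appears inside a different domain: {reg}")
            continue
        for label in host.split("."):
            if label != brand and levenshtein(label, brand) <= 1:
                findings.append(f"'{label}' is one edit away from '{brand}'")
    return findings


if __name__ == "__main__":
    for link in ("https://www.paypal.com/signin",
                 "http://paypal.com.secure-login-check.net/verify",
                 "https://paypa1.com/",
                 "https://paypal.com@evil.example/",
                 "https://bit.ly/3xyz"):
        print(link, "->", check_url(link) or "no red flags")
```

A link that passes every check is still only "not obviously fake": the checker cannot see where a shortener or an open redirect will send you, which is why the expansion step and typing the address yourself remain necessary.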

Man in The Middle Attacks:
Man in the Middle attacks allow attackers to eavesdrop on, and potentially alter, communication that should be private. For example, on a public Wi-Fi network, connecting to an unsecured site (http rather than https, i.e. without TLS) puts your private information, including your username and password, at risk.

This is because an attacker on the same network can use a tool such as Wireshark to sniff the packets. The capture can be saved for later analysis and filtered down to HTTP traffic (for example with the Wireshark display filter http.request.method == "POST"). On plain http sites the data is sent in plaintext, whereas on https sites it is encrypted by TLS and the sniffer sees only opaque records. 

A careful attacker looks at POST requests first, because login forms normally submit credentials in the body of a POST rather than in the URL parameters of a GET. Over plain HTTP both are equally readable, however, and GET parameters additionally end up in server and proxy logs. 
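What the attacker actually sees is easiest to show on sample data. The following is an added example, not code from the original page: it parses constructed TCP payloads standing in for captured packets, pulls out the form fields from a POST body and the query parameters from a GET line, and shows that the same code gets nothing from an HTTPS connection because only a TLS record is visible. The three captured payloads and the list of sensitive field names are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed TCP payloads standing in for what a sniffer on the same Wi-Fi captures
# (not real captures). The first two are plaintext HTTP; the third is the start of a
# TLS ClientHello, i.e. what an HTTPS connection looks like on the wire.
CAPTURED_HTTP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 40\r\n"
    b"\r\n"
    b"username=alice&password=hunter2&next=%2F"
)
CAPTURED_HTTP_GET = (
    b"GET /search?q=my+ssn+123-45-6789&user=alice HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"\r\n"
)
CAPTURED_TLS = b"\x16\x03\x03\x00\x2a\x01\x00\x00\x26\x03\x03" + bytes(32) + b"\x00\x00\x00"

# Field names an attacker greps for first (assumption: a starting list).
SENSITIVE = {"password", "passwd", "pass", "pwd", "pin", "otp", "token", "card", "cvv", "ssn"}


def parse_http_request(payload):
    """Return (method, target, headers, body) for a plaintext HTTP request,
    or None when the bytes are not readable HTTP (e.g. a TLS record)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, target, headers, body


def harvest_fields(payload):
    """Collect every form or query field readable in the payload, as an attacker would after
    filtering a capture for HTTP requests (Wireshark: http.request.method == "POST")."""
    req = parse_http_request(payload)
    if req is None:
        return {}
    method, target, headers, body = req
    fields = {}
    if method == "GET":
        fields = parse_qs(urlsplit(target).query)          # parameters travel in the URL
    elif method == "POST" and headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        fields = parse_qs(body.decode("utf-8", "replace"))  # form fields travel in the body
    return {k: v[0] for k, v in fields.items()}


def sensitive_fields(fields):
    """Pick out the fields whose names suggest credentials or card data."""
    return {k: v for k, v in fields.items() if any(s in k.lower() for s in SENSITIVE)}


if __name__ == "__main__":
    for label, payload in (("http POST", CAPTURED_HTTP_POST),
                           ("http GET", CAPTURED_HTTP_GET),
                           ("https", CAPTURED_TLS)):
        fields = harvest_fields(payload)
        print(label, "->", fields, "sensitive:", sensitive_fields(fields))
```

The GET example also makes the point of the last paragraph: the "ssn" value is just as visible in the URL as the password is in the POST body, and it will be written into any server or proxy log along the way.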

Similarly, attacker can spoof an existing Wi-Fi using tools like Wi-Fi Pineapple to eavesdrop on the communication. 

Solution:
One solution is a VPN (Virtual Private Network). It encrypts all traffic between your device and the VPN provider's server, so an attacker on the local Wi-Fi sees only encrypted packets and cannot read the plaintext HTTP inside them. Note what it does not do: between the VPN server and the website, traffic to an http site is still sent in plaintext, so you are trusting the VPN provider and every network beyond it. A VPN protects you from the attacker in the coffee shop, not from an untrustworthy website or provider.
Another solution was the EFF's HTTPS Everywhere browser add-on. It improved privacy by:

  • Forcing the browser to use HTTPS on sites known to support it. 
  • Rewriting links to unencrypted pages to their TLS-encrypted equivalents where available. 

Thus it encrypts communication with websites. An encrypted connection is signified by "https://" at the front of the website's address and a padlock icon in the browser's address bar.

Some sites make HTTPS hard to use by defaulting to unencrypted HTTP or by filling encrypted pages with links that lead back to unencrypted ones. HTTPS Everywhere fixed these problems automatically by forcing the use of HTTPS. The add-on has since been retired because the major browsers now ship the same protection built in as an "HTTPS-Only" mode; switch it on in the browser's settings so that plain http connections are upgraded or blocked.