DOCSLIB.ORG

Chapter Nine Protecting Your Computer Spreading the Disease

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Chapter Nine Protecting Your Computer Spreading the Disease Chapter Nine Protecting Your Computer Spreading the Disease Introduction This chapter ends our third module. The last chapter concentrated on the safety of Internet users and this chapter tidies up a few loose ends. It then moves on to concentrate on the security of our computer’s hardware. This will complete our look at computer hardware begun in module 2. Antivirus Email Plaintext Browser Hijacking Encryption Safe Mode Cipher https Secure Sites Cryptography Malware Throwaway Email Decryption Padlock Virus Email Safety Why should you not send email messages that you would not want to see on the cover of a newspaper? Are email messages archived? Why is it a good idea to have a “throwaway email account”? Why should you not open emails from people you do not know? Email can prove valuable in various circumstances; however, it also poses some threats. Unless you are encrypting your email, do not send anything in your email that you would not want to see on the front page of a newspaper. Email messages are archived on mail servers accessible to others through legal means such as a subpoena. (For more information on encryption and specific applications for email, check the cryptography section of this chapter.) Even if you do encrypt your emails, be careful what you say in them because you do not have control over what the recipient does with them. They may decide to print them out and give copies to passersby on the street. Perhaps they work for a government agency whose emails fall under the open records law, allowing the public to request copies. Moreover, remember that email servers archive email messages. It is worthwhile to consider having a throwaway email account. This is an account used when you must provide an email account to sign up for access to a forum or other Internet resource. An online account, such as Yahoo, Hotmail, etc. would be perfect for this application. This way all of the spam, or junk mail, you normally begin receiving after giving out your email address to access a desired service, comes to this throwaway account which you do not really care about. This leaves your main email account through which you carry out your business, relatively uncluttered. One final observation related to email. Often criminals send emails with innocent looking attachments that appear to be documents or photographs. However, when you click on the attachment to open it, something like a virus, spyware, or browser hijacker is installed on your computer. For this reason, your author does not open emails from people that he does not know. If they are from websites, it has to be from a website with which your author has done business. In either case, if the email subject field is blank, I simply delete the email. If it is something truly important, they will call or resend the email. If you follow this policy, informing your friends how you treat emails with blank subject fields, they will become meticulous about filling in an email’s subject field. To be meticulous is to be extremely careful and precise about how you do things. “Encarta Dictionary: English (North America),” accessed 7/22/2014. Secure Sites A web browser can send our sensitive information in a secure manner. What two things can we check to verify it is being done? What is the difference between a URL beginning with http and one beginning with https? When a website asks for sensitive information such as a password or credit card numbers, it is important that your information be transmitted in a secure manner. (The first exercise in this chapter shows one way we can transmit information such as passwords securely.) The secure method is for the website to encrypt your information so it travels the Internet in a coded form. What can we check to insure the website to which we are sending our information is secure? The first thing to check is the Figure 1 Padlock and HTTPS in Web Browser URL address of the website (see Figure 1). Normally the website’s address begins with http; however, when it asks you to enter sensitive information the address should begin with https. The https tells you that it is a secure connection. A second thing to look for is a padlock icon appearing in your web browser when you are securely connected to a website. In Internet Explorer and Mozilla Firefox, it appears in the URL area of the browser window. The padlock is not just a picture; it is a clickable link showing information about the website’s security. Cryptography What is cryptography? What is the name of the free program that can be used to encrypt your emails? Was email created to be secure? What are the potential downsides of encrypting documents on your computer? Cryptography is the taking of a plaintext message, and using some form of key to encrypt the plaintext, creating a cipher message (see figure 2). This example merely takes the plaintext message, shifts each letter to the right one space in the alphabet, and outputs the ciphertext as the result. A cipher based upon such a shift is known as a Caesar cipher. How does the recipient read the ciphertext that they receive? A valid recipient of the message, will have the necessary key to decrypt the message (i.e. convert it back to plaintext). (See figure 3 for an illustration of the decryption process.) Figure 2 Using Key to Convert Plaintext to Ciphertext The PGP program can be used to encrypt your email messages. However, the headings of your email cannot be encrypted and thus not only the path taken by your email, but also the Figure 3 Using Key to Convert Ciphertext to Plaintext sender and recipient information remain plaintext. This information, even when you encrypt the message, can reveal a lot to interested parties. Moreover, you have no control over what the recipient does with your email. Even if the email was encrypted, once Plaintext – Plaintext is the normal, everyday text that is easy the recipient decrypts it you no longer have to read. Encrypt – When you encrypt a control of it. If someone breaks into their message, you take the plaintext and apply a key to it. This key changes the plaintext into the computer, someone steals their computer, or ciphertext, which is unreadable without the correct key. they decide to share your email with others, Key – A key is some sort of function used to convert a you are toast. In summary, do not send plaintext message into an unreadable ciphertext or just the anything in email that you would not want to opposite. Ciphertext – This is the see being talked about on television or in a unreadable form of a message that is created by applying a key to the plaintext. newspaper. Email was not created to be Decrypt – When you decrypt a message, you take the ciphertext secure. and apply a key to it. This key changes the unreadable ciphertext into the plaintext which can be You can use software to encrypt the read. documents that you save on your computer’s hard drive. Depending on how you use your computer, this might be a good idea. However, you will have to wait for your documents to be decrypted before you can use them, to be encrypted before you can shut your computer off, and risk the loss of your password. Without the password, your documents would be gone forever. Browser Hijacking What is browser hijacking? How can we deal with browser hijacking? How do we enter “Safe Mode”? What are the three Safe Mode options available and when might you use each one? Have you ever opened your web browser and a homepage pops up that you have never seen before? When you search, it directs you to a page with links to retail or pornography websites. You decide to change your homepage back and go into your web browser settings or the add/remove programs portion of the Windows Control Panel. If listed in these places, you uninstall the rogue toolbars or reset your homepage; however, the next time you restart your computer it is back! Other times, it does not appear in these locations and you are at a loss as how to deal with it. What you have just experienced is browser hijacking. Without your permission, malware, spyware, or a virus has replaced your homepage or search page with its own. The process for dealing with browser hijacking is similar to that of dealing with spyware and viruses. Boot your computer into safe mode. (Figure 4 shows Figure 4 Menu Used to Reach Safe Mode the Windows Advanced Options Menu used to select Safe Mode in versions of Windows before Windows 8. (If you have Windows 8 or 10, skip down to the next section, Safe Mode in Windows Eight & Ten.) To reach this menu, hold down the F8 key while your computer is booting to Windows. (Note that some systems will see this as a frozen key and default to an error message. On these systems, it is necessary to tap the F8 key repeatedly while the system is booting.) In Figure 4, notice the option to boot to your Last Known Good Configuration. You can try this to help with the browser hijacking problem as well as other problems. It is a good option to keep in mind. However, this usually does not help with browser hijacking. Safe Mode is a state where a limited number of window’s drivers and other programs are loaded.
Load more

Recommended publications
  • Adware-Searchsuite
    McAfee Labs Threat Advisory Adware-SearchSuite June 22, 2018 McAfee Labs periodically publishes Threat Advisories to provide customers with a detailed analysis of prevalent malware. This Threat Advisory contains behavioral information, characteristics and symptoms that may be used to mitigate or discover this threat, and suggestions for mitigation in addition to the coverage provided by the DATs. To receive a notification when a Threat Advisory is published by McAfee Labs, select to receive “Malware and Threat Reports” at the following URL: https://www.mcafee.com/enterprise/en-us/sns/preferences/sns-form.html Summary Detailed information about the threat, its propagation, characteristics and mitigation are in the following sections: Infection and Propagation Vectors Mitigation Characteristics and Symptoms Restart Mechanism McAfee Foundstone Services The Threat Intelligence Library contains the date that the above signatures were most recently updated. Please review the above mentioned Threat Library for the most up to date coverage information. Infection and Propagation Vectors Adware-SearchSuite is a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them. Mitigation Mitigating the threat at multiple levels like file, registry and URL could be achieved at various layers of McAfee products. Browse the product guidelines available here (click Knowledge Center, and select Product Documentation from the Support Content list) to mitigate the threats based on the behavior described in the Characteristics and symptoms section.
    [Show full text]
  • A Crawler-Based Study of Spyware on the Web
    A Crawler-based Study of Spyware on the Web Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy Department of Computer Science & Engineering University of Washington {anm, tbragin, gribble, levy}@cs.washington.edu Abstract servers [16]. The AOL scan mentioned above has provided simple summary statistics by directly examining desktop in- Malicious spyware poses a significant threat to desktop fections [2], while a recent set of papers have considered security and integrity. This paper examines that threat from user knowledge of spyware and its behavior [6, 29]. an Internet perspective. Using a crawler, we performed a In this paper we change perspective, examining the na- large-scale, longitudinal study of the Web, sampling both ture of the spyware threat not on the desktop but from an executables and conventional Web pages for malicious ob- Internet point of view. To do this, we conduct a large-scale jects. Our results show the extent of spyware content. For outward-looking study by crawling the Web, downloading example, in a May 2005 crawl of 18 million URLs, we found content from a large number of sites, and then analyzing it spyware in 13.4% of the 21,200 executables we identified. to determine whether it is malicious. In this way, we can At the same time, we found scripted “drive-by download” answer several important questions. For example: attacks in 5.9% of the Web pages we processed. Our analy- sis quantifies the density of spyware, the types of of threats, • How much spyware is on the Internet? and the most dangerous Web zones in which spyware is • Where is that spyware located (e.g., game sites, chil- likely to be encountered.
    [Show full text]
  • Tip – How to Do Basic Browser Housekeeping?
    Tip – How to do basic browser housekeeping? Why do you need to do basic browser housekeeping? In order to prevent browser hijacking by ads, spams and re-directs, we encourage you to reset your web browser often. Please Note: After you reset your browser, all your saved password will be gone. Please make sure you record your password somewhere else safely. _______________________________________________________________________________________ Reset Internet Explorer Click on Tools and select Internet Options . Click on the Advanced tab. Click on the Reset button. _______________________________________________________________________________________ Reset Chrome Click on Customize and control Google Chrome button. Click on Settings . Click on Advanced Settings. Click on the Reset and Clean up button. Phone: (03) 8664 7001 Free Call: 1800 629 835 Fax: (03) 9639 2175 www.kindergarten.vic.gov.au [email protected] State Library of Victoria, 328 Swanston St, Melbourne, VIC 3000 Australia The Kindergarten IT Program is supported by the Victorian Government. Reset Firefox In the address bar of the FireFox type in about:support and hit Enter. Click Refresh Firefox… button. A window will appear showing the details of this action. Click Refresh Firefox button. _______________________________________________________________________________________ Clear website data in Safari Click on Safari tab and select Preferences… Click Privacy tab. Click Manage Website Data… Click on Remove All . Phone: (03) 8664 7001 Free Call: 1800 629 835 Fax: (03) 9639 2175 www.kindergarten.vic.gov.au [email protected] State Library of Victoria, 328 Swanston St, Melbourne, VIC 3000 Australia The Kindergarten IT Program is supported by the Victorian Government. Reset Edge Click on Settings and More button.
    [Show full text]
  • COVID-19 Updates and Resources for Local Governments G Tuesday, March 23, 2021 Welcome Greeting
    COVID-19 Updates and Resources for Local Governments g Tuesday, March 23, 2021 Welcome Greeting Kayla Rosen Departmental Analyst, Community Engagement and Finance, Department of Treasury 2 Tools and Resources for Local Governments: 11th Webinar Tuesday, March 23, 2021 – 2 p.m. – 3 p.m. I. Welcome & Introductions Heather Frick, Bureau Director, Bureau of Local Government and School Services, Michigan Department of Treasury I. Treasury Update a. CARES Act Grant b. FDCVT Grant c. Overviews of Recreational Marijuana Payments d. American Rescue Plan Eric Bussis, Chief Economist and Director of the Office of Revenue and Tax Analysis, Michigan Department of Treasury I. Cybersecurity for Local Governments Derek Larson, Acting Deputy Chief Security Officer, Department of Technology, Management and Budget (DTMB) I. Question and Answer II. Closing Remarks Heather Frick, Bureau Director, Bureau of Local Government and School Services, Michigan Department of Treasury 3 Welcome & Introductions Heather Frick Bureau Director, Bureau of Local Government and School Services, Department of Treasury 4 Treasury Local Government Funding Update Eric Bussis Chief Economist and Director Office of Revenue and Tax Analysis Michigan Department of Treasury 5 Treasury Update • CARES Act Grant • FDCVT Grant Agenda • Overviews of Recreational Marijuana Payments • American Rescue Plan 6 First Responder Hazard Pay Premiums Program (FRHPPP) • Payments made to 740 applicants, supporting approximately 37,500 first responders • 97 applications were selected for further federal
    [Show full text]
  • The Emergence of Exploit-As-A-Service
    Manufacturing Compromise: The Emergence of Exploit-as-a-Service Chris Grier† Lucas Ballard2 Juan Caballerox Neha Chachra∗ Christian J. Dietrichq Kirill Levchenko∗ Panayiotis Mavrommatis2 Damon McCoyz Antonio Nappax Andreas Pitsillidis∗ Niels Provos2 M. Zubair Rafiquex Moheeb Abu Rajab2 Christian Rossowq Kurt Thomasy Vern Paxson† Stefan Savage∗ Geoffrey M. Voelker∗ y University of California, Berkeley ∗ University of California, San Diego 2 Google International Computer Science Institute x IMDEA Software Institute q University of Applied Sciences Gelsenkirchen z George Mason University ABSTRACT 1. INTRODUCTION We investigate the emergence of the exploit-as-a-service model for In this work we investigate the emergence of a new paradigm: the driveby browser compromise. In this regime, attackers pay for an exploit-as-a-service economy that surrounds browser compromise. exploit kit or service to do the “dirty work” of exploiting a vic- This model follows in the footsteps of a dramatic evolution in the tim’s browser, decoupling the complexities of browser and plugin world of for-profit malware over the last five years, where host com- vulnerabilities from the challenges of generating traffic to a web- promise is now decoupled from host monetization. Specifically, the site under the attacker’s control. Upon a successful exploit, these means by which a host initially falls under an attacker’s control are kits load and execute a binary provided by the attacker, effectively now independent of the means by which an(other) attacker abuses transferring control of a victim’s machine to the attacker. the host in order to realize a profit. This shift in behavior is exem- In order to understand the impact of the exploit-as-a-service plified by the pay-per-install model of malware distribution, where paradigm on the malware ecosystem, we perform a detailed anal- miscreants pay for compromised hosts via the underground econ- ysis of the prevalence of exploit kits, the families of malware in- omy [4, 41].
    [Show full text]
  • Spyware & Adware Products
    AdwareAdware/Spyware/Spyware ProductsProducts && RecommendationsRecommendations UCLAUCLA OfficeOffice ofof InstructionalInstructional DevelopmentDevelopment MikeMike TakahashiTakahashi AgendaAgenda WhatWhat isis AdwareAdware/Spyware/Spyware KnownKnown AdwareAdware/Spyware/Spyware ProductsProducts AntiAnti AdwareAdware/Spyware/Spyware RemovalRemoval ProductProduct ComparisonsComparisons TipsTips && RecommendationsRecommendations AdwareAdware AdwareAdware cancan bebe softwaresoftware thatthat generatesgenerates advertisementsadvertisements suchsuch asas poppop--upup windowswindows oror hotlinkshotlinks onon webweb pages.pages. ItIt maymay addadd linkslinks toto youryour favoritesfavorites andand youryour desktop.desktop. ItIt cancan changechange youryour homehome pagepage andand youryour searchsearch engineengine toto sitessites thatthat earnearn incomeincome fromfrom variousvarious advertisers.advertisers. Source http://www.microsoft.com/windows/ie/community/columns/adware.mspx AdwareAdware ExamplesExamples What?!What?! MyMy computercomputer isis infected!infected! OrOr isis it?it? AdwareAdware ExamplesExamples WellWell--knownknown AdwareAdware ProgramsPrograms toto AvoidAvoid HotbarHotbar (Add(Add--ons)ons) Adds graphical skins to Browser and Email clients Adds toolbars and search button BlockCheckerBlockChecker ClipGenieClipGenie CometComet CursorCursor GatorGator WinFixerWinFixer StumbleUponStumbleUpon WeatherBugWeatherBug SpywareSpyware SpywareSpyware isis computercomputer softwaresoftware thatthat collectscollects
    [Show full text]
  • Remove ANY TOOLBAR from Internet Explorer, Firefox and Chrome
    Remove ANY TOOLBAR from Internet Explorer, Firefox and Chrome Browser toolbars have been around for years, however, in the last couple of months they became a huge mess. Unfortunately, lots of free software comes with more or less unwanted add-ons or browser toolbars. These are quite annoying because they may: Change your homepage and your search engine without your permission or awareness Track your browsing activities and searches Display annoying ads and manipulate search results Take up a lot of (vertical) space inside the browser Slow down your browser and degrade your browsing experience Fight against each other and make normal add-on handling difficult or impossible Become difficult or even impossible for the average user to fully uninstall Toolbars are not technically not a virus, but they do exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program. Generally speaking, toolbars are ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer, Firefox and Chrome, and distributed through various monetization platforms during installation. Very often users have no idea where did it come from, so it’s not surprising at all that most of them assume that the installed toolbar is a virus. For example, when you install iLivid Media Player, you will also agree to change your browser homepage to search.conduit.com, set your default search engine to Conduit Search, and install the AVG Search-Results Toolbar.
    [Show full text]
  • What Are Kernel-Mode Rootkits?
    www.it-ebooks.info Hacking Exposed™ Malware & Rootkits Reviews “Accessible but not dumbed-down, this latest addition to the Hacking Exposed series is a stellar example of why this series remains one of the best-selling security franchises out there. System administrators and Average Joe computer users alike need to come to grips with the sophistication and stealth of modern malware, and this book calmly and clearly explains the threat.” —Brian Krebs, Reporter for The Washington Post and author of the Security Fix Blog “A harrowing guide to where the bad guys hide, and how you can find them.” —Dan Kaminsky, Director of Penetration Testing, IOActive, Inc. “The authors tackle malware, a deep and diverse issue in computer security, with common terms and relevant examples. Malware is a cold deadly tool in hacking; the authors address it openly, showing its capabilities with direct technical insight. The result is a good read that moves quickly, filling in the gaps even for the knowledgeable reader.” —Christopher Jordan, VP, Threat Intelligence, McAfee; Principal Investigator to DHS Botnet Research “Remember the end-of-semester review sessions where the instructor would go over everything from the whole term in just enough detail so you would understand all the key points, but also leave you with enough references to dig deeper where you wanted? Hacking Exposed Malware & Rootkits resembles this! A top-notch reference for novices and security professionals alike, this book provides just enough detail to explain the topics being presented, but not too much to dissuade those new to security.” —LTC Ron Dodge, U.S.
    [Show full text]
  • Pikes Peak Library District Takes Malware out of Circulation Malwarebytes Provides Defense Without Compromising Openness
    CASE STUDY Pikes Peak Library District takes malware out of circulation Malwarebytes provides defense without compromising openness Business profile INDUSTRY Pikes Peak Library District (PPLD) is a nationally recognized Government system of public libraries serving residents in El Paso County, Colorado. With fourteen facilities, online resources, and mobile BUSINESS CHALLENGE library service, PPLD responds to the unique needs of individual Prevent malware, including ransomware, neighborhoods and the community at large. A large number of from infecting computers while computers used by staf and patrons have internet connectivity. centralizing control To protect them from ransomware and other advanced malware, IT ENVIRONMENT PPLD chose Malwarebytes. Webroot antivirus, Deep Freeze Instant Restore Malwarebytes surpasses our antivirus’ SOLUTION prevention and detection features and runs Malwarebytes Endpoint Security with almost zero performance impact on users’ machines. RESULTS —Richard Peters, Chief Information Officer, • Stopped malware, including Pikes Peak Library District ransomware, from infecting computers • Significantly reduced labor costs Business challenge through better detection and Centralizing control over endpoints centralized management Four hundred and seventy-five PPLD employees operate library • Eliminated downtime and disruption facilities, manage book and media acquisition, and help patrons associated with malware find information. PPLD has 14 locations, plus a mobile Bookmobile and a Library Express kiosk. In addition to staf computers, PPLD provides computers for library patrons’ use. As an organization that exists to facilitate access to print, audio, visual, and electronic information, it’s not surprising that internet-based cyber threats target the browsers, Java, and Adobe Flash applications. Staf members encountered browser hijacking, popup ads, malicious email attachments, and drive-by downloads.
    [Show full text]
  • Download Getting Rid of Norton Toolbar Firefox Rar for Ipod
    Contact Imprint Aeropostale printable job application Getting rid of norton Persuasive newspaper articles toolbar firefox online netspend reload pack The Steps To Fix Firefox Browser With Norton Antivirus?. If the file is regenerated when you restart the computer, remove it again and in its tums recall 2013 place, create an empty text file (e.g., with Notepad), rename it "coFFPlgn.dll" and change the properties to "read-only". Die Version 2009 boneless ist am 9. September 2008 in Amerika erschienen. Wie bei allen Norton- chicken breast Produkten verzögerte sich die Deutschland-Veröffentlichung um einige recipes Wochen. Norton offers three scan types. In the screen where you can oven baked choose which scan to run, other options are available that may be useful. For example, "Norton insight" looks through your files and decides how likely they are to contain malware. This can show you what programs Norton deems as high risk. have a "Settings" button with an uninstall menu option. To see which version of the toolbar is installed, visit. If you later want to remove the toolbar, the easiest method is to uninstall ZoneAlarm and then do a custom installation and deselect the toolbar option. [10]. If you have any questions, come by the Help Desk at Hardman & Jacobs Undergraduate Learning Center Room 105, call 646- 1840, or email us at. "Safe web" gives you full browser protection by keeping an eye on what you are doing online and stopping any threats. For antivirus protection within a browser, this is very effective. Norton doesn't let suspicious downloads complete, and phishing pages cause a warning page to appear.
    [Show full text]
  • Paul Collins Status Name/Startup Item Command Comments X System32
    SYSINFO.ORG STARTUP LIST : 11th June 2006 (c) Paul Collins Status Name/Startup Item Command Comments X system32.exe Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field X pathex.exe Added by the MKMOOSE-A WORM! X svchost.exe Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder X SystemBoot services.exe Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder X WinCheck services.exe Added by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft" subfolder of the Windows or Winnt folder X Windows services.exe Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder X WinStart services.exe Added by the SOBER.O WORM! Note - this is not the legitimate
    [Show full text]
  • THE UNINVITED GUEST a Browser Hijacking Experience, Dissected
    THE UNINVITED GUEST A Browser Hijacking Experience, Dissected Sponsored by ANCHOR INTELLIGENCE: THE UNINVITED GUEST: A BROWSER HIJACKING EXPERIENCE, DISSECTED INTRODUCTION The continued growth of the Internet and online advertising has created an appealing medium through which fraudsters distribute malware and perpetrate a wide range of malicious activities. Over the past six months, Anchor Intelligence has identified a surge in browser hijacking attacks perpetrated through online advertising campaigns. These compromised ads, found on various ad networks and search engines, have been traced to schemes designed to defraud unsuspecting users by capturing their credit card information and account passwords, forcing ad clicks without users’ consent, and manipulating personal data such as cookies. By targeting the browser, a user’s primary gateway to the Internet, browser-hijacking malware has emerged as one of the most powerful and dangerous online exploits. The hijacker is an uninvited guest, which sits dormant in the background of the user’s experience, looking over her shoulder to log each keystroke as she enters her bank password, redirect her to malicious websites when she expects to see search results pages, or simply leverage her browser to make http requests unbeknownst to her. In response to the explosion of browser hijacking exploits identified across its network, Anchor Intelligence is issuing “The Uninvited Guest: A Browser Hijacking Experience, Dissected” to educate end users, ad buyers, and ad sellers about how to recognize and avoid common tactics used by fraudsters to compromise their systems. Section I of the report provides background on browser hijacking and describes infection vectors, payloads, and attacks.
    [Show full text]