Thursday, February 09, 2006

Malicious software entices

Security awareness includes knowing that just because an email or web site says it has great software you can use for free, "it ain't necessarily so". Below is one recent example (excerpted from a recent "Security UPDATE" email newsletter from WindowsIT Pro):

Last week, a Trojan horse program that alleged to be a copy of a leaked MSN Messenger beta began to spread. The "leaked beta" supposedly boasts many new features, all of which are designed to entice people into downloading it. But no such beta exists. People who downloaded and installed the file infected their systems with a Trojan horse, which then sent IM [instant message] messages to other MSN Messenger users trying to coax them into installing the program. The Trojan horse program includes a proxy and remote command shell capabilities, can perform Denial of Service (DoS) attacks, connects the system to a botnet, and more. In short, it's a disaster on any computer."

Also, some recent attacks have tried to trick users into just visiting a web site, which then attacks their PC.


"Many of these [vulnerability exploits] try to coax users into visiting malicious Web sites, which can infect their systems even if they don't download any files. Other exploits might arrive via email, IM clients, or other inroads. A number of exploits related to this and other vulnerabilities rely on social engineering -- which is a nice way of saying that they rely on the ignorance of computer users."

It's OK to be a bit paranoid when the bad guys really are out to get you!

The Security UPDATE emailed newsletter is free, as is the online version.

No comments: