Friday, November 06, 2009

Hacking Humanity: how viruses REALLY spread

I'm sceptical about pretty well the entire internet, and out of an abundance of caution, I suspect just about every link. Computer viruses can be nefarious things, so I'm very careful about where I click. I try to satisfy myself as to the link's authenticity before I dare click, and I have to admit I'm sometimes downright paranoid about shortened Twitter links.

Because of the popularity of online communication and social media, a great number of viruses appear to come from good friends. Worse, the message triggering the virus is usually something designed to look real and go unquestioned by the recipient.

The term "virus" is used loosely here - the same principles can apply to most any program, script, or other malicious code. But almost all have one important thing in common: the user usually has to do something to get infected, even if simply clicking a link or opening an attachment.

Whatever its form, malicious code is famous for its ability to propagate by exploiting security vulnerabilities. Sometimes these are due to flaws in an operating system, or in a software program such as a web browser.

The code takes advantage of the flaw to take over, creating another copy of itself, and both then continue to seek out new victims. New exploits are being reported all the time. The software vendor is usually quick to release a patch that closes the hole and protects you, but the hackers who release these programs are getting quite creative. Some new variants even masquerade as anti-virus or anti-spyware programs, flashing warnings of infection that lull the user into a false belief of being protected while the malicious software carries out its purpose, whether spam, porn, or identity theft.

(I'm still waiting for a creative hacker to release an exploit that uses the victim's computer resources to surreptitiously contribute to scientific research via projects like BOINC or http://setiathome.berkeley.edu/.)

Patches only work, though, if you hunt them down and apply them. Keeping up-to-date on security releases is very important, but what's most important is to exercise common sense.

Most of the viruses people seem to end up with are spread through email or IM, and usually involve some sort of social engineering. And what is social engineering, you ask? It is simply tricking you into doing something that seems innocuous, without thinking about it, so that you probably don't even notice the results, and nothing registers on any conscious radar screen as being dangerous.

Say Alice signs on, and a screen pops up from Bob, suggesting that Alice check out pictures of her. She clicks, and is whisked away to some decoy site while the code safely ensconces itself within Alice's hard drive, curling itself almost inextricably around her operating system, so that the two now operate as one. And it all happens so slickly that Alice doesn't even notice, until a couple of weeks later she gets a phone call from a friend who tells her to run a virus scan already because her friend is sick of getting ads for teeth whiteners from her.

Sound like a realistic scenario? Naming off the dozens of examples you've seen yourself? Almost got tricked by one, or did and are too ashamed to admit it? This is how these viruses are spread; they rely on the trust of the user.

The more reliable the message seems, the less likely it is to raise any red flags. Social engineering is used in these cases to exploit natural human tendencies as a means to propagate the virus, whether it's unleashed by a bored teenager on a weekend with nothing to do, or spread as part of a major billion-strong foreign botnet.

Fortunately, many of the IM and email viruses that rely on tricking the user are not usually too sophisticated on the software side of things. Removal is usually as simple as identifying what variant is at fault and searching for the proper removal instructions.

Searching the name of the virus and "remove tool" might bring up a handy little program that you can download, run, and have it scrub your machine free of all trace. By this time, though, hopefully you've learned to approach links with scepticism, and you don't automatically download the first thing you come across. Discernment is crucial; be careful where you click.


