Topic: How They Attack !?

[Samker]

Threats today have become more complicated. They tend to use multiple vectors to spread, thus increasing their chances of infection. Once on the system, these threats tend to show little to no symptoms so they can survive undetected.

Vulnerabilities
Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the computer or network. Vulnerabilities can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities resulting in potential damage to the computer or personal data. How Do You KnowCompanies announce vulnerabilities as they are discovered and quickly work to fix the vulnerabilities with software and security "patches"
What To DoKeep software and security patches up to date
Configure security settings for operating system, internet browser and security software
Develop personal security policies for online behavior
Install a proactive security solution like Norton Internet Security to block threats targeting vulnerabilities


Spyware
Spyware can be downloaded from Web sites, email messages, instant messages, and from direct file-sharing connections. Additionally, a user may unknowingly receive spyware by accepting an End User License Agreement from a software program. How Do You KnowSpyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user
What To DoUse Norton Internet Security to proactively protect from spyware and other security risks
Configure the firewall in Norton Internet Security to block unsolicited requests for outbound communication
Do not accept or open suspicious error dialogs from within the browser
Spyware may come as part of a "free deal" offer - do not accept free deals
Always read carefully the End User License agreement at Install time and cancel if other “programs” are being installed as part of the desired program
Keep software and security patches up to date

Spam
Email Spam is the electronic version of junk mail. It involves sending unwanted messages, often unsolicited advertising, to a large number of recipients. Spam is a serious security concern as it can be used to deliver Trojan horses, viruses, worms, spyware, and targeted phishing attacks. How Do You KnowMessages that do not include your email address in the TO: or CC: fields are common forms of Spam
Some Spam can contain offensive language or links to Web sites with inappropriate content
What To DoInstall Spam filtering/blocking software
If you suspect an email is Spam, do not respond, just delete it
Consider disabling the email’s preview pane and reading emails in plain text
Reject all Instant Messages from persons who are not on your Buddy list
Do not click on URL links within IM unless from a known source and expected
Keep software and security patches up to date


Malware
Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy. How Do You KnowMalware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user
What To DoOnly open email or IM attachments that come from a trusted source and that are expected
Have email attachments scanned by Norton Internet Security prior to opening
Delete all unwanted messages without opening
Do not click on Web links sent by someone you do not know
If a person on your Buddy list is sending strange messages, files, or web site links, terminate your IM session
Scan all files with an Internet Security solution before transferring them to your system
Only transfer files from a well known source
Use Norton Internet Security to block all unsolicited outbound communication
Keep security patches up to date


Phishing
 Phishing is essentially an online con game and phishers are nothing more than tech-savvy con artists and identify thieves. They use SPAM, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts. How Do You KnowPhishers, pretending to be legitimate companies, may use email to request personal information and direct recipients to respond through malicious web sites
Phishers tend to use emotional language using scare tactics or urgent requests to entice recipients to respond
The phish sites can look remarkably like legitimate sites because they tend to use the copyrighted images from legitimate sites
Requests for confidential information via email or Instant Message tend to not be legitimate
Fraudulent messages are often not personalized and may share similar properties like details in the header and footer
How Can You HelpIf a legitimate Web page has been misidentified as a known or suspicious phish site, please report this misidentified page to the Symantec Security Response team at Submit false positive phish Web page.

A Norton Authenticated Web page has been verified by Symantec as belonging to the company represented. Please use the Norton Authenticated Request Form for legitimate Web sites you want to be evaluated as Norton Authenticated.

Symantec