Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28518
  • Total Topics: 8240
  • Online Today: 1026
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Security 101: Attack Vectors Take Advantage of User Interaction  (Read 1201 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
Welcome back to Security 101. Our New Year’s recess is over, and it’s time to offer another lesson.

So far we have discussed vulnerabilities and some types of low-interaction attack vectors. In this lesson we shall continue with attack vectors that require medium or high levels of user interaction to succeed.

These attack vectors are more dangerous because their success relies on the victims, which means that they can work in multiple “buildings” in parallel. (Recall our analogy of comparing a system to a building.) An attacker who uses these vectors also has an advantage that does not depend on technology: the human factor. Humans are curious by nature and, even when we don’t care to admit it, gullible. Almost anyone, no matter how cautious, can be tricked into being a victim of an attack or helping an attacker.

But we’ll delve into the topic of social engineering another time. For now we’ll focus on the vectors themselves. These vectors may require as much work from attackers as the low-interaction ones. Most of the time goes into assembling a malicious website or something similar.

Medium Interaction
Website/mail elements: Visiting a website is usually only a click away, especially if you just happen to be “in the neighborhood.” Think of all the advertisements you see while navigating the web. How many times have you been tempted to click an interesting ad, or follow a mail with a convenient offer? Any of these sites could host an attack or a piece of malware. The whole site need not be malicious, just one hidden element or image will suffice. When you enter a site, your browser tries to load all of the page’s elements; when it reaches the malicious part, the attack executes. Attackers can use this vector to exploit almost every kind of vulnerability because the attack happens online. The disadvantage for the attacker is that this vector requires a vulnerability in your browser to work.

High Interaction
Corrupted files: This broadly works in the same way as website vulnerabilities. An attacker places a file that contains an exploit on some part of the web. It can be a peer-to-peer network, FTP site, art gallery, free software site, you name it, or the attacker can send the file directly to you by mail. You download the file, open it, and Wham!: The exploit runs. The most visible difference is that the victim actually needs to find the file and open it. And that’s why this vector is usually disguised as tempting celebrity photos, work documents, or even free tickets to a concert. These attacks are often widely advertised (social networks anyone?). Because this vector employs the victim’s computer, it is mostly used for exploiting denial of service or remote code execution vulnerabilities. In the latter case, inside the file there’s a small piece of code that communicates with the attacker’s computer or server, allowing access to the victim’s machine.

So next time you see a “OMG, awesome video of <celebrity name> here!” link, don’t just think twice. Don’t open it at all. The most probable outcome is that you’ll open the doors of your “building” to complete strangers and you’ll never know it. Next time we’ll see how the human factor fits into attacks, with a post about social engineering.



Orginal article: Wednesday, February 8, 2012 at 3:02pm by Francisca Moreno
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info





Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
Re: Security 101: Attack Vectors Take Advantage of User Interaction
« Reply #1 on: 09. February 2012., 12:55:12 »
I have had this try to attack reasently in my area.
On of my friends try to connect to Internet and did get denyed access. After a cuple of minutes ther was a phone call from a girl in (supposed) India. She taled that she called from Microsoft and want to help to fix the problem. The procedure wa somthing like connect again to Internet start IE and surf to a palce and download and install a file.
My friend did not do this due she know that Microsoft don't call you if you dont have a ongoing call with them. She just only closed the call with the upcaling girl.
My friend called ouer local police and thay talled that thay get atlest one of this kinde of call a day.
One other the police talled about have folov the request from the "Microsoft" person and got both the Internet connection and the mail higijaked.

So be ware!
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Fake calls from "Microsoft's support center"
« Reply #2 on: 09. February 2012., 15:19:31 »
I have had this try to attack reasently in my area.
On of my friends try to connect to Internet and did get denyed access. After a cuple of minutes ther was a phone call from a girl in (supposed) India. She taled that she called from Microsoft and want to help to fix the problem. The procedure wa somthing like connect again to Internet start IE and surf to a palce and download and install a file.
My friend did not do this due she know that Microsoft don't call you if you dont have a ongoing call with them. She just only closed the call with the upcaling girl.
My friend called ouer local police and thay talled that thay get atlest one of this kinde of call a day.
One other the police talled about have folov the request from the "Microsoft" person and got both the Internet connection and the mail higijaked.

So be ware!


It look like similar scam scheme from past Year (18. January 2011.):

"Scamers tricks Australians with Microsoft support scheme": http://scforum.info/index.php/topic,5152.0.html

 


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising