perform tracking functions (as spyware also does).
If you decide to use a freeware product, pay particular attention to
the installation program. The installer will most likely notify you that
an extra adware program is being installed. Often you will be allowed
to cancel it and install the program without adware. On the other hand,
some programs will not install without adware, or their functionality
will be limited. This means that adware often gains access to the
system in a "legal" way, because the user has agreed to it. In this
case, it is better to be safe than sorry.
If a file on your computer is detected as adware, it is advisable to
delete it, since it most likely contains malicious code.
6.1.6 Spyware
This category covers all applications which send private information
without user consent/awareness. They use tracking functions to
send various statistical data such as a list of visited web sites, email
addresses from the user‘s contact list, or a list of recorded keystrokes.
The authors of spyware claim that these techniques aim to find out
more about users’ needs and interests and allow better‑targeted
advertisement. The problem is that there is no clear distinction
between useful and malicious applications and no one can be sure
that the retrieved information will not be misused. The data obtained
by spyware applications may contain security codes, PINs, bank
account numbers, etc. Spyware is often bundled with free versions
of a program by its author in order to generate revenue or to offer an
incentive for purchasing the software. Often, users are informed of
the presence of spyware during a program's installation to give them
an incentive to upgrade to a paid version without it.
Examples of well‑known freeware products which come bundled
with spyware are client applications of P2P (peer‑to‑peer) networks.
SpyFalcon or Spy Sheriff (and many more) belong to a specific spyware
subcategory: they pose as antispyware programs, but are in fact
spyware themselves.
If a file on your computer is detected as spyware, it is advisable
to delete it, since it most likely contains malicious code.
6.1.7 Potentially unsafe applications
There are many legitimate programs which serve to simplify the
administration of networked computers. However, in the wrong
hands, they may be misused for malicious purposes. This is why ESET
has created this special category. Our clients now have the option to
choose whether the antivirus system should or should not detect such
threats.
“Potentially unsafe applications” is the classification used for
commercial, legitimate software. This classification includes programs
such as remote access tools, password‑cracking applications, and
keyloggers (a program recording each keystroke a user types).
If you find that there is a potentially unsafe application present and
running on your computer (and you did not install it), please consult
your network administrator or remove the application.
6.1.8 Potentially unwanted applications
Potentially unwanted applications are not necessarily intended to
be malicious, but may affect the performance of your computer
in a negative way. Such applications usually require consent for
installation. If they are present on your computer, your system
behaves differently (compared to the state before their installation).
The most significant changes are:
▪ new windows you haven’t seen previously are opened
▪ activation and running of hidden processes
▪ increased usage of system resources
▪ changes in search results
▪ application communicates with remote servers
6.2 Types of remote attacks
There are many special techniques which allow attackers to
compromise remote systems. These are divided into several categories.
6.2.1 DoS attacks
DoS, or Denial of Service, is an attempt to make a computer or
network unavailable to its intended users. Communication with the
affected system is obstructed and can no longer continue in a
functional way. Computers exposed to DoS attacks may need to be
restarted in order to work properly again.
In most cases, the targets are web servers and the aim is to make
them unavailable to users for a certain period of time.
6.2.2 DNS Poisoning
Through DNS (Domain Name System) poisoning, attackers can trick
a DNS server into accepting forged data they supplied as legitimate
and authentic. The forged information is cached for a certain period
of time (the record's TTL), allowing attackers to rewrite the IP
addresses in DNS replies. As a result, users trying to reach a web
site are silently directed to a server under the attacker's control,
which may serve computer viruses or worms instead of the original
content.
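The following is an added example, not part of the original ESET text, that models the mechanism described above: a resolver that identifies the reply to an outstanding query only by its 16-bit transaction ID (and a fixed source port) can be poisoned by an attacker who floods it with forged replies, because the attacker can simply try every ID. Randomising the source port as well makes the flood fail. The resolver, the hostnames and the documentation IP addresses are all constructed for the example; real DNS additionally checks the question section and the bailiwick of the answer.

```python
"""Toy model of DNS cache poisoning (constructed example, not a real resolver).

A resolver keeps one outstanding query per name, keyed by the transaction ID
(TXID) it chose and the UDP source port it sent from.  An attacker who cannot
see the real reply can still spray forged replies guessing the TXID; whether
that succeeds depends on how much entropy the resolver put into the query.
"""
import random
from dataclasses import dataclass, field


@dataclass
class Reply:
    txid: int        # transaction ID copied from the query
    dst_port: int    # port the reply is addressed to (query's source port)
    qname: str       # name the reply claims to answer
    answer: str      # IP address offered for qname
    ttl: int = 3600  # how long the resolver will keep (and serve) the record


@dataclass
class Resolver:
    randomize_port: bool
    rng: random.Random = field(default_factory=lambda: random.Random(1))
    cache: dict = field(default_factory=dict)    # qname -> (answer, ttl)
    pending: dict = field(default_factory=dict)  # qname -> (txid, src_port)

    def send_query(self, qname):
        """Pick a TXID (always random) and a source port (random or fixed 53)."""
        txid = self.rng.randrange(0, 1 << 16)
        port = self.rng.randrange(1024, 1 << 16) if self.randomize_port else 53
        self.pending[qname] = (txid, port)
        return txid, port

    def receive(self, reply):
        """Accept a reply only if TXID, destination port and name all match
        an outstanding query; the first matching reply wins and is cached."""
        if reply.qname not in self.pending:
            return False
        txid, port = self.pending[reply.qname]
        if reply.txid != txid or reply.dst_port != port:
            return False
        del self.pending[reply.qname]
        self.cache[reply.qname] = (reply.answer, reply.ttl)
        return True


def spoof_flood(resolver, qname, guessed_port, attacker_ip):
    """Attacker races the legitimate reply by sending one forged reply per
    possible TXID, all addressed to the port it believes the resolver uses."""
    for guess in range(1 << 16):
        if resolver.receive(Reply(guess, guessed_port, qname, attacker_ip)):
            return True  # resolver now caches the attacker's address
    return False


def run_attack(randomize_port, qname="bank.example",
               real_ip="198.51.100.10", attacker_ip="203.0.113.66"):
    """Run one query/flood/legitimate-reply cycle and return what gets cached."""
    resolver = Resolver(randomize_port=randomize_port)
    txid, port = resolver.send_query(qname)
    spoof_flood(resolver, qname, guessed_port=53, attacker_ip=attacker_ip)
    # The genuine reply arrives last; it is ignored if the cache was already
    # filled, because the pending entry has been consumed by the forgery.
    resolver.receive(Reply(txid, port, qname, real_ip))
    return resolver.cache[qname][0]


if __name__ == "__main__":
    print("fixed source port  :", run_attack(randomize_port=False))
    print("random source port :", run_attack(randomize_port=True))
```

With a fixed source port the flood always wins because 65,536 guesses cover every TXID; with a random port the attacker's guessed port never matches (the example draws ports from 1024 upwards, so 53 is never chosen), so the genuine answer is the one cached.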
6.2.3 Worm attacks
A computer worm is a program containing malicious code that
attacks host computers and spreads via a network. Network worms
exploit security vulnerabilities in various applications. Due to the
availability of the Internet, they can spread all over the world within
a few hours of their release, and in some cases within minutes.
Most worm attacks (Sasser, SqlSlammer) can be avoided by using the
default security settings of the firewall, or by blocking unprotected
and unused ports. It is also essential that your operating system is
updated with the most recent security patches.
6.2.4 Port scanning
Port scanning checks whether there are open ports on a network
host. A port scanner is software designed to find such ports.
A computer port is a virtual endpoint which handles incoming and
outgoing data, which makes it significant from a security point of
view. In a large network, the information gathered by port scanners
may help to identify potential vulnerabilities. Such use is legitimate.
Still, port scanning is often used by attackers attempting to
compromise security. Their first step is to send packets to each
port. Depending on the type of response, it is possible to determine
which ports are in use. The scanning itself causes no damage, but be
aware that this activity can reveal potential vulnerabilities and allow
attackers to take control of remote computers.
Network administrators are advised to block all unused ports and
to protect those that are in use from unauthorized access.
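As an added example (not from the ESET manual), the scanner below does exactly what the paragraph describes for TCP: it sends a connection request to each port and classifies the port by the response. A completed handshake means "open", a reset (connection refused) means "closed", and no answer at all means "filtered", which is what the firewall advice above produces for blocked ports. To stay self-contained it scans the loopback interface against a listener it starts itself; the host and port choices are constructed for the demonstration.

```python
"""Minimal TCP connect() port scanner (constructed example).

Each probe is a full three-way handshake attempt, so it needs no raw sockets
or privileges; the trade-off is that every probe shows up in the target's
connection log, unlike a SYN scan.
"""
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Open a throwaway TCP service on an OS-chosen port so the scan has
    something to find.  Returns (socket, port); close the socket to stop."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener closed
                break
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_closed_port(host="127.0.0.1"):
    """Ask the OS for an unused port and release it, giving a port with no
    listener that will answer probes with a reset."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def scan_port(host, port, timeout=0.3):
    """Probe one port and classify it from the response type."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # SYN-ACK received, handshake completed
        except ConnectionRefusedError:
            return "closed"          # RST received: host up, nothing listening
        except (socket.timeout, OSError):
            return "filtered"        # no reply: dropped by a firewall (or host down)


def scan_range(host, ports, timeout=0.3):
    """Scan an iterable of ports; returns {port: state}."""
    return {p: scan_port(host, p, timeout) for p in ports}


def demo():
    """Scan one open and one closed loopback port; returns their states."""
    srv, open_port = start_listener()
    try:
        closed_port = free_closed_port()
        result = scan_range("127.0.0.1", [open_port, closed_port])
        return result[open_port], result[closed_port]
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Run against a host whose firewall drops packets to unused ports and the closed ports turn into "filtered" and each probe waits for the full timeout, which is why scanners are so much slower against well-configured hosts.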
6.2.5 TCP desynchronization
TCP desynchronization is a technique used in TCP hijacking attacks.
It is triggered when the sequence number in an incoming packet
differs from the sequence number the receiver expects. Packets with
an unexpected sequence number are discarded (or held in the receive
buffer, if they still fall inside the current communication window).
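The receiver-side logic the paragraph describes, as an added example that is not from the original manual: a simplified TCP receiver accepts a segment whose sequence number is exactly the one it expects, buffers a segment that lands further inside the window, and discards anything outside it. The final two segments show why this matters for hijacking: once an attacker who has guessed the expected sequence number injects data, the expected number moves on and the genuine peer's next segment, carrying the old number, is discarded. Sequence numbers, payloads and the window size are constructed for the example, and 32-bit wrap-around is ignored.

```python
"""Simplified TCP receive-side sequence handling (constructed example).

rcv_nxt is the next sequence number the receiver expects; window is how far
beyond it a segment may arrive and still be buffered for later reassembly.
Wrap-around of the 32-bit sequence space is deliberately not modelled.
"""


class TcpReceiver:
    def __init__(self, rcv_nxt, window):
        self.rcv_nxt = rcv_nxt    # next expected sequence number
        self.window = window      # size of the receive window in bytes
        self.ooo = {}             # out-of-order segments buffered: seq -> data
        self.delivered = b""      # bytes handed to the application, in order
        self.dropped = []         # sequence numbers of discarded segments

    def segment(self, seq, data):
        """Process one incoming segment; returns accepted/buffered/dropped."""
        if seq == self.rcv_nxt:
            self._deliver(data)
            # A gap may have just been filled: drain buffered segments that
            # are now contiguous with the stream.
            while self.rcv_nxt in self.ooo:
                self._deliver(self.ooo.pop(self.rcv_nxt))
            return "accepted"
        if self.rcv_nxt < seq < self.rcv_nxt + self.window:
            self.ooo[seq] = data  # ahead of the stream but inside the window
            return "buffered"
        self.dropped.append(seq)  # stale (seq < rcv_nxt) or beyond the window
        return "dropped"

    def _deliver(self, data):
        self.delivered += data
        self.rcv_nxt += len(data)


def demo():
    """Drive a receiver through reordering, an out-of-window packet, and an
    injected segment that desynchronises the legitimate sender."""
    rx = TcpReceiver(rcv_nxt=1000, window=2000)
    log = [
        rx.segment(1000, b"GET /"),      # in order          -> accepted, expect 1005
        rx.segment(1010, b"HTTP/1.1"),   # gap, inside window -> buffered
        rx.segment(9000, b"junk"),       # beyond the window  -> dropped
        rx.segment(1005, b"index"),      # fills the gap      -> accepted, drains 1010
        # Attacker guessed rcv_nxt (now 1018) and injects first:
        rx.segment(1018, b"EVIL"),       # accepted; expectation moves to 1022
        # The genuine peer's segment with the same number now looks stale:
        rx.segment(1018, b"GOOD"),       # dropped: peers are desynchronised
    ]
    return log, rx.delivered, rx.rcv_nxt


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The attacker only needs one correct guess of the expected sequence number to get ahead of the real sender; after that every legitimate segment falls below rcv_nxt and is treated as a retransmission of data the receiver already has.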
In the state of desynchronization, both communication endpoints