Wednesday, February 2, 2011

New Computer and Cell Phone Attacks

New Computer and Cell Phone Attacks

Not to be forgotten are the newest methods to attack computers and cell phones. These new attacks focus on bluetooth, SMS and even ipods! Not only are there the usual trojans, malware, and phishing attacks, there are not also 'smishing', and 'bluebugging'. To learn more, read the definitions below;

Smishing or "SMS phishing" is a phishing attack that specifically targets cellular phones. Victim receive an SMS message with a hyperlink wherein a malware automatically finds its way to the cellular phone, or leads the victim to a phishing site formatted for cellular phones. The term was brought on by David Rayhawk in a McAfee Avert Labs blog.

Botnet (Zombie PCs) a "Robot" and "Network," a Botnet is any number of internet connected computers that inconspicuously forward e-mails (which include spam, malware, or viruses) to other computers on the internet. These infected computers, also known as "zombies" deliver DoS attacks (Denial of Service) and often rely on thousands of zombie PCs.

BlueBugging: (not to be confused with bluesnarfing) allows a skilled person to illegally access a cellular phone via Bluetooth wireless technology. More often than not, going unnoticed to the phone's owner. A vulnerability such as this allows phone calls, and SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. Fortunately, widespread impact is minimized because of the range of bluethooth technology. Access is only attainable within a 10 meter range of the phone.

Pod Slurping: Coined by US security expert Abe Usher; is when your iPod or any portable USB storage device begins to surreptitiously copy large amounts of files from your computer to its hard drive. Pod slurping is becoming an increasing security risk to companies and government agencies.

Ransomware makes a computer unusable, then demands payment in order for the user to regain full access. Ransomware is also commonly referred to as a "cryptovirus" or "cryptotrojan." Examples of Ransomware include Gpcode.AK, Krotten, and Archiveus. Ransomware was originally a with a trojan called PC Cyborg, created by a Dr. Joseph Popp.

Scareware is software that tricks computer users into downloading or purchasing it, under the guise of fixing their computer. In reality the faux anti-virus program is the problem itself. Scareware programs often run a fictitious virus and malware scan, and then present the user with a list of malicious programs or problems that must be corrected. The scareware informs the computer user that in order to fix these "problems" it will require the user to pay a fee for a "full" or "registered" version of the software. Examples of scareware include: System Security, Anti-Virus 2010, and Registry Cleaner XP.

Sidejacking: Sidejacking is a hacking technique used to gain access to your website specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted "session-id". The session-id is either some random data in the URL, or more often, random data in a HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account. Thus enabling the hacker ability to read your email, look at what you've bought online, or control your social network account, and so on. Robert Graham, who pulled together a variety of known and new vulnerabilities and packaged them into an automated session snatcher, was responsible for this term.