Network Security

An overview of socially engineered deceptive internet threats

Threats arising due to internet usage are quite wide. We will look at a few of them, especially the ones where cyber criminals use deception as the main tool to trick the net users and either plant malicious software in the computers which might later act as botnets, spyware etc. or make them come to the websites under their control.
What they do:

There are certain websites that display news items like “Micheal Jackson is back” or “US Open cancelled” etc. and try to make the users come to their websites by creating a false hype/ sensation. There are certain ads which promise an unbelievable offers or emails sent to users which such ads, which again wants the user to click on certain links or download updates etc. There are even rogue security software’s which ‘intimate’ the users that there are so many viruses in their computer, and hence they need to download a ‘free’ anti virus software. Some of them even buy a domain name similar to some popular websites (which is a wrong spelling name of the original domain, but users tend to type such web addresses in the address bar, sometimes) and use that domain to auto forward to the websites under their control. In some instances, hackers have a site that seems to be a sub-domain of a very popular site, but actually pointing to their own websites. They have a number of such tricks to manipulate complex URL’s to redirect the visitors of popular websites. There are certain services of popular websites, which wrap every web link by adding their own domain name along with the link (to track certain usage click through statistics) thereby creating an illusion that the links are a part of the popular websites, which the hackers take advantage of. There are certain URL shortening services which hide the original website name in to their own domain names (this is done to shorten certain long domains), which the hackers take advantage to hide their malicious URL and make it impossible for a user to determine where the link is actually pointing to.

Why they do:

All these things are done to basically make people go to a certain web link where the hackers could collect user credentials (In case of Phishing, Pharming etc.) or they can transfer and run some sort of automated programs on the PC’s of the users (Botnets, Spywares etc) or use them for some commercial advantages like ad campaigns, finding out user online purchase preferences etc. As you can see, from spying to stealing all kind of campaigns can be run by such online frauds.

How they do:

The hackers have a lot of techniques which they might use for commercial advantages or defaming purposes. They can use techniques like Iframe injection which is used to insert an iframe tag in to web page content to execute a snippet of their code on a third party website.  Similarly they can insert malicious code in to websites by exploiting database vulnerabilities (Like SQL Injection) etc. They can also use URL redirection techniques, where a URL could look like something, but point somewhere else. Trojan horses, which inject malicious spyware code in to the user PC’s are also quite common. Of late, there are even Pop-Under ads like Pop-Up ads, which sits behind the browser when they visit a website and are visible after the browser closes the browser. They were designed for ads, but might lead the users to some malicious websites. Even search engines could be some times tricked to refer the malicious websites in their search results when user searches for particular keywords.

How to prevent:

¤ The primary requirement in case of social engineered, deceptive tactics is to be vigilant. In case you see an unbelievable offer which is too good to be true, then probably it is. Don’t click on mails or links that promise so much money or seem to carry some sensational news items that seem suspicious.

¤ It is always a good practise to keep the browsers, operating systems and anti-virus software’s up to date.

¤ Always check the spellings of the URL you type, and there are even commercial services that tip off an organization if a very similar/ misspelled version of their URL is registered somewhere in the world. It is better if multiple such URL’s are registered by the website owners themselves and redirected to the original site automatically. It is good to have short and clear URL’s without complex and long sub-domains.

¤ If load balancers are used by certain servers to redirect users to the same application in multiple servers, then it is better not to have URL’s like www3. site. com etc, as the number clearly indicates one of the servers and hackers can guess and get in to other similar servers, which might be vulnerable.

¤ Generally browsers alert users if any applications are automatically downloaded from websites. If the websites are not trust-able, it is better to cancel running any such applications. More care needs to be taken while downloading movies/songs via P2P (Peer to Peer) software’s etc.

Related Article: Phishing and Pharming

You could stay up to date on the various computer networking technologies by subscribing to this blog with your email address in the sidebar box that says ‘Get email updates when new articles are published’.