Malware Trivia: Episode 8

 

Hi again and welcome back to this week’s round of questions and answers on security.  Today’s questions come from our loyal readers Jeet and Indranil and cover denial of service attacks, rogue social networking applications and some extra info on wireless networking security.

Will you please tell something about how a denial of service attack operates, and how a victim may dodge the attack? – Question asked by Jeet

Denial of service attacks rely on the fact that servers (and all other kind of hosts on the Internet) have a limited capacity when it comes to handling traffic and connection attempts. Whenever too much traffic is directed towards a host, it will fail to serve all the requests and will crash under the flow of information.

This kind of attack has been widely used lately for a variety of reasons, including blackmailing and retaliation. Since most service providers can handle serious amounts of traffic without failing, cyber-criminals rely on distributed denial of service attacks that send connection requests from multiple machines, which are usually infected with malware such as DDoS bots. However, there have been instances when attackers have used open-source server stress tools for attacking a specific host, as it was the case with the attacks in 2010 against the services that refused to provide support for Wikileaks.

There are multiple types of denial of service attacks, and each one has its own specifics. The most frequent types of attack are Ping of Death (which relies on overwhelming the victim with packets of data) and the SYN flood attack (which fills the server’s connection table, thus preventing it to initiate other connections with legit clients).

And a tricky question: to what extent the online mail services hack proof? – Question asked by Jeet

If we’re talking about worldwide-renowned e-mail service providers, I strongly doubt that there are any ways of hacking into a user’s mailbox by exploiting a breach or programming error. Most of these e-mail service providers have been on the market long enough to have their security flaws detected and fixed, not to mention the fact that they are designed and maintained by armies of highly specialized engineers and thoroughly tested before opening them to the public. What makes this kind of account vulnerable is social engineering, as the user is the weakest link in the security chain.

Please shed some light on the credibility of the several Facebook apps and their implications on cyber-security. – Question asked by Jeet.

One of the things that make a social network great is its expandability and capability of being customizable. However, these privileges are also some of the key elements cyber-crooks are trying to exploit in order to cash on the unwary user. At the moment, there are quite a number of malicious applications that allegedly allow the user to see how others interact with him or her (such as the “Who’s your top stalker” or “See who blocked you” applications), but in fact, only collect personal information, use compromised accounts for spreading further and monetize curiosity through forcing the user into filling surveys in. What is utterly important is the fact that there are a number of rogue application development kits available on the grey market, which allows even a programming noob the ability to create their custom app.

Another take in the social networking war is the emergence and blooming period of the Koobface worm, a piece of malware that uses the users’ walls to spread itself through appealing posts accompanied by what looks like a video. As soon as they attempt to watch the video, they get a tiny piece of malcode impersonating a plugin. If they install it, their computer will become part of a botnet.

At BitDefender, we constantly keep an eye on this kind of threats and have developed an application called SafEgo that actively monitors your and your friends’ feeds and block harmful content before you get infected or involuntarily re-post the respective content and infect others.

I want to know about some wireless stuff like WiFi-sniffing, Rouge AP, masquerading, Wi-fishing etc. – Question asked by Indranil.

Wireless security is a key concern for both home and corporate users. Unfortunately, because of the complexity of the matter, I won’t be able to thoroughly reply your questions.

• WiFi Sniffing is a technique in which an unauthorized client intercepts and analyzes traffic between two wireless pieces of equipment. Usually, WiFi sniffing is used to intercept sensitive data such as usernames & passwords from users connected to unencrypted access points or to analyze regular traffic on WEP-encrypted access points in order to crack the key.
• Rogue APs (also known as unauthorized access points) are wireless routers installed in a company either by an unwary employee without approval from the IT department, or by an attacker (say, during a visit on the company’s premises). This type of access point can be exploited by the criminal later in order to gain access to the company’s network from outside the building. This is also one of the reasons wireless security is treated with extreme caution in the corporate environment.
• IP masquerading is a form of network address translation used to hide a private network behind an IP address in the public space. However, other than the fact that clients can’t achieve full end-to-end connectivity with other hosts on the Internet, I’m not aware of a situation where IP masquerading can pose a security risk.

That’s about it on today’s issue of the Malware Trivia. As usually, I’m looking forward to answering your security-related questions which you can ask using the feedback form below. See you next Monday!

 

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owner.