What about file
attachments?
Overview
File attachments are the new 'targeted attack' approach used by those
who would exploit the naive user. In particular, as layered
network defenses become more effective, individual users are attacked
via email messages with application based attacks. Recently (Oct
11, 2006), Microsoft patched several vulnerabilities in the
applications
PowerPoint,
Word, and Excel, which would create
Clicking links in email
These can be the preludes to
phishing scams
viruses in email attachments
application specific attacks- word, powerpoint
Instant messaging
There are now numerous attacks via instant messaging,
usually as 'links' or attachments to pictures. You should never
install files or programs via IM links. Most install trojans
which can be further exploited.
AOL IM attack- The W23/Lamo worm
came into being as an AOL IM work
In purchased software or appliances
Some recent stories about trojan programs being
delivered in commercial software or on devices. McDonalds, in a
promotion campaign, gave out 10,000 MP3 players as prizes, but they
also had a variant of a spyware trojan on them. This trojan
affected any Windows PC to which the MP3 player was connected.
The same issue has just happened with some Apple Video iPods,
which had been shipped with the Rjump virus, again infecting Windows
PCs.
What should you do?
Some basic preventions are:
Run as a user account, not an administrator account.
Ensure your AntiVirus from http://software.case.edu is installed and
updated.
Be aware of the threat from file attachments.
|
