[accesscomp] from Accessible Devices

  • From: "Bob Acosta" <boacosta@xxxxxxxxxxx>
  • To: "Bob Acosta" <boacosta@xxxxxxxxxxx>
  • Date: Wed, 18 May 2011 13:05:25 -0700

    The next time a website says to download new software to view a movie or 
fix a problem,
think twice. There's a pretty good chance that the program is malicious.
In fact, about one out of every 14 programs downloaded by Windows users 
turns out
to be malicious, . And even though Microsoft has a feature in its 
Internet Explorer
browser designed to steer users away from unknown and potentially 
untrustworthy software,
about 5 percent of users ignore the warnings and download malicious 
Trojan horse
programs anyway.
Five years ago, it was pretty easy for criminals to sneak their code 
onto computers.
There were plenty of browser bugs, and many users weren't very good at 
But since then, the cat-and-mouse game of Internet security has evolved: 
have become more secure, and software makers can quickly and 
automatically push out
patches when there's a known problem.
So increasingly, instead of hacking the browsers themselves, the bad 
guys try to
hack the people using them. It's called social engineering, and it's a 
big problem
these days. "The attackers have figured out that it's not that hard to 
get users
to download Trojans," said Alex Stamos, a founding partner with Isec 
Partners, a
security consultancy that's often called in to clean up the mess after 
have been hacked.
Social engineering is how the Koobface virus spreads on Facebook. Users 
get a message
from a friend telling them to go and view a video. When they click on 
the link, they're
then told that they need to download some sort of video playing software 
in order
to watch. That software is actually a malicious program.
Social-engineering hackers also try to infect victims by hacking into 
Web pages and
popping up fake antivirus warnings designed to look like messages from 
the operating
system. Download these and you're infected. The criminals also use spam 
to send Trojans,
and they will trick search engines into linking to malicious websites 
that look like
they have interesting stories or video about hot news such as the royal 
wedding or
the death of Osama bin Laden.
"The attackers are very opportunistic, and they latch onto any event 
that might be
used to lure people," said Joshua Talbot, a manager with Symantec 
Security Response.
When Symantec tracked the 50 most common malicious programs last year, 
it found that
56 percent of all attacks included Trojan horse programs.
In enterprises, a social-engineering technique called spearphishing is a 
problem. In spearphishing, the criminals take the time to figure out who 
attacking, and then they create a specially crafted program or a 
maliciously encoded
document that the victim is likely to want to open -- materials from a 
they've attended or a planning document from an organization that they 
do business
With its new SmartScreen Filter Application Reputation screening, 
introduced in IE
9, Internet Explorer provides a first line of defense against Trojan 
horse programs,
including Trojans sent in spearphishing attacks.
IE also warns users when they're being tricked into visiting malicious 
another way that social-engineering hackers can infect computer users. 
In the past
two years, IE's SmartScreen has blocked more than 1.5 billion Web and 
download attacks,
according to Jeb Haber, program manager lead for SmartScreen.
Haber agreed that better browser protection is pushing the criminals 
into social
engineering, especially over the past two years. "You're just seeing an 
in direct attacks on users with social engineering," he said. "We were 
really surprised
by the volumes. The volumes have been crazy."
When the SmartScreen warning pops up to tell users that they're about to 
run a potentially
harmful program, the odds are between 25 percent and 70 percent that the 
will actually be malicious, Haber said. A typical user will only see a 
couple of
these warnings each year, so it's best to take them very seriously.
Robert McMillan covers computer security and general technology breaking 
news for
The IDG News Service.

This is an Announce only list.  Subscribers are not able to post to this list.
You will find the list archives at:
Sorry, but we're not able to provide help for archive users.
To unsubscribe from the Accessible Devices list copy the line below.  Paste it 
To: line of a blank message and send it.
You may download our podcasts from this link,
Or if you're using a podcatcher of some type the subscribe URL is.
Visit our website at:
Please feel free to pass this message on to a friend who might like to 
To subscribe to Accessible Devices send a blank e mail to:
Just follow the directions in the confirmation message when it comes.
Please Note: Accessible Devices is not able to provide tech support for software
or products that we supply information about.
A-d mailing list
A-d mailing list

Robert Acosta, President
Helping Hands for the Blind
Email: boacosta@xxxxxxxxxxx
Web Site: www.helpinghands4theblind.org

You can assist Helping Hands for the Blind by donating your used computers to 
us. If you have a blind friend in need of a computer, please mail us at the 
above address.

Other related posts:

  • » [accesscomp] from Accessible Devices - Bob Acosta