What Attackers Want With Your Computer
If you are like most computer users, you can't even do simple things
like read your email or surf the web without the nagging worry that one of
the attachments you open or links you click on is going to allow an
attacker into your computer. This worry is unfortunately not unfounded
given the wide variety of attacks circulating on the Internet. This is
Jeanna Matthews and today on Common Sense Computing, we are going to be
talking about the techniques and goals of modern attacks, how these have
changed over time and what that means to computer users who are trying to
defend themselves.
Many early viruses and worms didn’t seem to do any permanent damage.
Instead they simply wanted to show users that they'd been had in a type of
technical one-upmanship. Viruses like these told users "We can
destroy your system anytime we want to - but we didn't".
A later class of viruses and worms took it one step further and made
good on the threat by overwriting data or otherwise corrupting the
compromised machine. Viruses that did more damage made bigger headlines but
didn't actually benefit the attackers in any direct way. However, writers
of viruses and malware have clearly been working on their business models
since then. Newer viruses are much less likely to be outright destructive.
Attackers now want compromised systems to stay running but under their
control. In fact, some new viruses will actually patch other holes in the
system to prevent other attackers from elbowing in on their territory. But
how do attackers generate income from compromised systems? Or in other
words, what do compromised systems have that attackers want?
Some attackers don't actually want anything from you other than to use
your computer as a base to launch other attacks. By compromising many
computers, attackers assemble an army of minions willing to attack large
commercial sites at the attackers' signal. Such attacks are called
distributed denial of service attacks and they can take down even a large
server farm simply by overwhelming it with requests such that legitimate
requests can't get through.
Just because these distributed denial of service attacks don't appear to
hurt your computer directly, don't be fooled. The fact is that when an
attacker has control of your system, they can still destroy it at will, and
in fact attacks that make your computer part of a “botnet” army are often
accompanied by other attacks that can hurt you. One example is spyware that
watches what you do whenever you use your computer - looking for you to
enter personal information like usernames, passwords, credit card numbers,
etc. Attackers then use this information to impersonate you, gain access to
other systems or charge merchandise to your accounts.
The good news about these trends in viruses is that since they aren't
immediately destructive, you have more time to detect the attack without
losing all your precious data, but unless you want to be part of an
attacker's business model, finding and eradicating these attacks is still
just as important.
For more information on detecting malicious software running on your
computer, you can visit us on the web at www.commonsensecomputing.org. For
Common Sense Computing, this is Jeanna Matthews.
Wikipedia: Botnet
Copyright (c) 2005 - Jeanna Matthews