About Me

Bay Area, CA, United States
I'm a computer security professional, most interested in cybercrime and computer forensics. I'm also on Twitter @bond_alexander. All opinions are my own unless explicitly stated.

Tuesday, December 21, 2010

I'll Be Pwned For Christmas

I'll be pwned for Christmas
You can count on me
Please have bots and viruses
And exploits for me

When talking to people about viruses and infections, I've found that many are confused about how virus infections happen. By now most people realize that files you download can be viruses, but hackers have found ways to circumvent people's caution. First, the virus can be disguised as something else, such as an update to Flash Player, to trick people into trusting it. Second, a malicious website can use a vulnerability in your browser to secretly download and execute the virus. This is called a drive-by download, and some believe these types of attacks are responsible for most virus infections. This is one of several reasons why it's important to keep your computer up to date with the latest patches. Your browser, operating system, PDF viewer (usually Acrobat), Flash player, and Java (if you have it) all need to be kept up to date, because each of them can contain vulnerabilities that can be exploited to gain control of (pwn) your computer.

There are several goals a hacker might have for infecting your computer, but fundamentally a computer is a resource to exploit. Modern malware, particularly botnet malware, is becoming very sophisticated. If Zeus (Zbot) infects your system, it can modify webpages you visit to post its own ads, intercept website credentials (including bank accounts) and send them to the hackers, steal documents, send spam email, turn off your antivirus, install additional viruses, track your keystrokes, and grant full control over your computer ... all from a file as small as 270 kb.

With millions of dollars per year at stake, it's no wonder that virus authors will do whatever they can to infect you. Among other techniques, they reference current events in their spam, or build sites specifically designed to appear at the top of search results for key topics of the moment. This time of year, that includes using holiday greetings to infect you and using websites that appear at the top of searches for holiday terms.

What can I do about it?

Get good antivirus protection.  Use an up-to-date browser.  Not only are modern browsers more secure, newer versions include protection against malicious links.  Use good spam protection.  Keep your OS updated, and if you're still running Windows XP it's time to move up.  Always, always think before you click.


  1. "Get good antivirus protection."

    - What would you recommend, for Mac vs PC?

  2. There aren't very many AV options for Mac, but Sophos is a well-trusted brand and they've recently released their antivirus for free on Mac.

    For PC, the field is quite a bit more crowded. Any antivirus is better than no antivirus, but I like Webroot's software (full disclosure, I work for Webroot). I'd suggest a fully-featured security suite over plain antivirus to provide useful tools like a password manager and malicious URL blocking. Symantec's Norton is also not bad, but Webroot has a more user-friendly interface and more convenient auto-update and auto-scanning options.