[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

US-CERT Cyber Security Tip ST06-006 -- Understanding Hidden Threats: Corrupted Software Files



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                      Cyber Security Tip ST06-006
         Understanding Hidden Threats: Corrupted Software Files

   Malicious code is not always hidden in web page scripts or unusual
   file formats. Attackers may corrupt types of files that you would
   recognize and typically consider safe, so you should take precautions
   when opening files from other people.

What types of files can attackers corrupt?

   An  attacker  may  be  able  to  insert  malicious code into any file,
   including  common  file  types  that you would normally consider safe.
   These  files  may  include  documents  created  with  word  processing
   software,  spreadsheets, or image files. After corrupting the file, an
   attacker  may  distribute  it  through email or post it to a web site.
   Depending  on the type of malicious code, you may infect your computer
   by just opening the file.

   When   corrupting   files,   attackers   often   take   advantage   of
   vulnerabilities   that   they   discover   in   the   software.  These
   vulnerabilities  may  allow  attackers to insert and execute malicious
   scripts  or  code,  sometimes  without  being  detected. Sometimes the
   vulnerability  involves  a  combination  of  certain  files (such as a
   particular piece of software running on a particular operating system)
   or only affects certain versions of a software program.

What problems can malicious files cause?

   There  are  various types of malicious code, including viruses, worms,
   and  Trojan  horses  (see  Why  is  Cyber Security a Problem? for more
   information).  However,  the  range of consequences varies even within
   these categories. The malicious code may be designed to perform one or
   more functions, including
     * interfering with your computer's ability to process information by
       consuming  memory  or  bandwidth  (causing your computer to become
       significantly slower or even "freeze")
     * installing, altering, or deleting files on your computer
     * giving the attacker access to your computer
     * using  your  computer to attack other computers (see Understanding
       Denial-of-Service Attacks for more information)

How can you protect yourself?

     * Use   and  maintain  anti-virus  software  -  Anti-virus  software
       recognizes  and protects your computer against most known viruses,
       so you may be able to detect and remove the virus before it can do
       any   damage  (see  Understanding  Anti-Virus  Software  for  more
       information).   Because  attackers  are  continually  writing  new
       viruses, it is important to keep your definitions up to date.
     * Use caution with email attachments - Do not open email attachments
       that  you  were  not expecting, especially if they are from people
       you  do  not know. If you decide to open an email attachment, scan
       it for viruses first (see Using Caution with Email Attachments for
       more  information).  Not  only  is  it  possible  for attackers to
       "spoof"  the  source of an email message, your legitimate contacts
       may unknowingly send you an infected file.
     * Be  wary  of  downloadable  files on web sites - Avoid downloading
       files  from  sites  that  you do not trust. If you are getting the
       files  from  a  supposedly  secure  site,  look  for  a  web  site
       certificate  (see  Understanding  Web  Site  Certificates for more
       information).  If you do download a file from a web site, consider
       saving  it  to  your  desktop and manually scanning it for viruses
       before opening it.
     * Keep  software  up  to  date  -  Install  software patches so that
       attackers   cannot   take   advantage   of   known   problems   or
       vulnerabilities  (see Understanding Patches for more information).
       Many  operating systems offer automatic updates. If this option is
       available, you should enable it.
     * Take  advantage of security settings - Check the security settings
       of your email client and your web browser (see Evaluating Your Web
       Browser's  Security  Settings  for  more  information).  Apply the
       highest  level  of  security  available  that  still gives you the
       functionality  you  need. In email clients, turn off the option to
       automatically download attachments.

Related information

     * Securing Your Web Browser
     * Recovering from Viruses, Worms, and Trojan Horses
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2006 by US-CERT, a government organization.
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST06-006.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
      
     
     
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRKLZHH0pj593lg50AQJRlwf/Wl0NQ1vgVI+fGwd4BY/GrBMA/ydnddlL
V9F9XPOY0fSDy5ffNNnOg7bAZC86N9OXINrCfR973FUTbUAMek6STLJORkSUvN3a
VIugY7YNyw+GlpXpmjrMxkB/11Y46w4nPKo4oA2xxyh7twXHBJTZLCIUOfzS63Gx
5Xq0X/2e/0FizwX7UWxcj5JATKHikLGCk+Kl1jiNb0stLTQXosXlF7rZIyGbpceK
7nGR2V95hE0e7GxHuFS4FiJ9JK614RX5A4Mv1oQu5Srdm/Kuswo7iMA3MvcFUnL2
hRDmbD0K4NKl7/TRaqjhMa9xNk+39F2lwwkMawFD64q8E2NjOMaM9A==
=jKyB
-----END PGP SIGNATURE-----

[Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Video for Linux]     [Bugtraq]     [USB]     [Fedora Security]

Add to Google Powered by Linux