Three new hacker tricks

Computer attackers are more focused these days. They're targeting individual businesses, rather than spreading viruses around the world. These targeted attacks are much more dangerous.

Virus writers historically were hobbyists out to prove themselves. Worms and viruses were designed to spread as much as possible. Many made headlines.

In contrast, recent small-scale attacks seek to avoid attention. The motivation nowadays is to gain company information for profit.

Most of these attacks are launched through e-mail. They are sent to particular companies or even just one person. The focus allows hackers to research their victims thoroughly. Targeted messages can fool even cautious employees.

Many company Web sites have plenty of information for targeted attacks. The typical contact page lists names and e-mail addresses for departments like sales, support and human resources. The information can lend an air of trust or urgency to a harmful e-mail attachment.

I've already seen these attacks in my own inbox. The last was a résumé attachment that looked like a referral. The e-mail was well written. It included a position we have open. And it mentioned someone at the office as a referral.

The attached Word document was actually a Trojan horse. Fortunately, I spotted problems in the file's name. But future attacks will no doubt be even better crafted.

Antivirus programs aren't well suited to customized threats. They're designed to catch malware sent blindly to thousands of recipients.

Security firms analyze growing threats to determine virus signatures (identifying features). The signatures are released as updates to antivirus programs. Isolated attacks may remain undiscovered far longer than widespread threats. That's more time to siphon a company's employee or customer data.

Stop spies before they get in

To prevent targeted attacks from infiltrating your workplace, always be skeptical. Almost any e-mail message bearing attachments is suspect. Here are three telltale signs of a possible threat:

1. An unexpected e-mail attachment
Be wary of any e-mail attachment you never requested. And don't trust the return name or address. Those can be easily forged. Your best bet is to verify with the sender by phone.

2. Deceptive file names
It used to be that you could spot a trick e-mail by its poor grammar. Today, many attacks are professional and well written. But sometimes you can still catch deceptive attachments by the file name.

By default, Windows hides file extensions like .doc (Word) or .xls (Excel). This is good for simplicity, but bad for security. Viruses could bear names such as "memo.doc.exe." Windows hides the true file extension, leaving the appearance of a Word file.

You can force Windows to always show file extensions. Click Start>>Control Panel. Double-click Folder Options. Select the View tab. Clear the checkbox labeled "Hide extensions for known file types." Then click OK.

Be aware that inspecting file names is not a fail-safe method. A legitimate Word document could nevertheless include a harmful macro. However, a tricky file name should be your cue to avoid the attachment and delete the e-mail.

3. Embedded links
Though not as direct as attachments, links in e-mail can be just as harmful. A deceptive link could whisk you to a fake login or company IT support page. Even your workplace e-mail password opens the door to insider information and contacts for further attacks.

Deceptive e-mail links and look-alike Web pages are the tools of phishing. You can find ways to spot bad links in my tip on avoiding phishing scams... http://www.komando.com/tips/index.aspx?id=355

All of these problems can be addressed by verifying with the sender. Determine over the phone or via e-mail whether the person indeed sent the attachment or link.

Though e-mail is commonly used, it's not the only avenue of attack. Instant messaging (IM) also is used to trick employees into opening the company's network. Like e-mail, IM programs allow file attachments and links.

As with e-mail, verify any files or links sent your way. Don't ask over IM, as you may be dealing with an impostor. A quick phone call to the sender will suffice.