
Security Risks for Computer Systems

Internet Browser

A web browser such as Microsoft Internet Explorer or Mozilla Firefox lets the user visit websites on the internet. Modern web browsers are very capable programs: they can be used not only to view text and pictures, but also to send emails, conduct video conferences, and more. These additional capabilities come at a cost, as they increase the complexity of the browser, which can lead to programming errors in the browser code or misconfigurations of the browser itself.

 

Active Content

Active content on a website (e.g. JavaScript, Flash) can be executed within the browser on the user's computer when a website is displayed. As this happens automatically, the user has no control over exactly which actions are executed. This can be prevented by prohibiting the automatic execution of active content, either through the corresponding settings in the web browser's configuration options or by installing and using a plugin that controls the execution of active content. Some websites must be allowed to use active content in order to be displayed correctly.
Attention: It is important that all browser extensions for executing active content (e.g. Adobe Flash or Adobe Shockwave) are kept up to date.

Cookies

Sometimes a website will welcome a returning user by name even before the user has logged in. But how can a website know how to address the user? The explanation is that a website can use so-called cookies to store visitor information, which the website reads again when the user revisits it. To prevent this, all internet browsers allow you to establish rules for how cookies are handled. Cookies themselves are not executable programs, but simple text files that store information as instructed by the website through the browser. As cookies are not executable programs, they do not pose an immediate threat.
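
The round trip described above, as an added example that is not part of the original page: a website sets a cookie on the first visit and greets by name on the second, unless the browser's cookie rule refuses to store it. The cookie name `visitor`, the name "Erika" and the `Browser` class are constructed for illustration.

```python
from http.cookies import SimpleCookie

def server_response(cookie_header):
    """Website side: greet a known visitor, otherwise hand out a cookie.
    Returns (page_text, set_cookie_value_or_None)."""
    received = SimpleCookie(cookie_header or "")
    if "visitor" in received:
        return "Welcome back, %s!" % received["visitor"].value, None
    # First visit: the name would come from a form; "Erika" is constructed.
    new = SimpleCookie()
    new["visitor"] = "Erika"
    new["visitor"]["max-age"] = 30 * 24 * 3600   # ask the browser to keep it 30 days
    return "Welcome, new visitor!", new["visitor"].OutputString()

class Browser:
    """Browser side with a single cookie rule: accept or refuse cookies."""
    def __init__(self, accept_cookies):
        self.accept_cookies = accept_cookies
        self.stored = {}          # cookie name -> value, plain text only

    def visit(self):
        # Everything stored for the site is sent back with each request.
        header = "; ".join("%s=%s" % item for item in self.stored.items())
        page, set_cookie = server_response(header)
        if set_cookie and self.accept_cookies:
            for name, morsel in SimpleCookie(set_cookie).items():
                self.stored[name] = morsel.value
        return page
```

With `Browser(accept_cookies=False)` the site sees every visit as a first visit, which is the effect of a "block cookies" rule.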

Malware

Virus

The number of viruses is continually increasing. Viruses are distributed through infected files via email or other file distribution methods (e.g. pen drive, mobile hard disk). A virus is capable of infecting other files on the same computer system or on mounted storage devices (e.g. pen drive, network attached storage). The virus writes its code into the infected file, making it unreadable or manipulating the properties of the file. It is almost impossible to clean an infected file, or the cleaning process renders the file non-functional. Therefore, good anti-virus protection should be present on each computer system to prevent a virus infection.

Trojan Horse

A Trojan Horse, or Trojan, is a malicious computer program used to hack into a computer by misleading users about its true intent. Usually it is part of a compromised program with a changed installation routine. During the installation, not only the intended program but also the Trojan is installed. It usually works in the system's background and performs harmful actions like stealing passwords or other sensitive data. The stolen data are then transmitted back to the attacker. Unlike viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.

 

Worms

A computer worm is standalone malware that replicates itself in order to spread to other computers. One example of a worm is the "blaster" worm, which used a vulnerability in the Microsoft operating system to spread to other systems after the initial infection of a system. Only a patch for the vulnerable operating systems stopped the "blaster" worm.

The initial infection is usually achieved by tricking a user into opening an email attachment containing the worm. Therefore, it is very important to check every email attachment, especially if the email comes from an unknown sender or seems suspicious for any reason. As a worm will search an infected computer system for email addresses to use in further distribution emails, even emails from known senders might contain an infected attachment.
The aim of the worm is then to trick the recipient into opening the infected attachment. To achieve this, the email usually describes some kind of threatening or time-critical situation. Every email should always be viewed with some caution, and the following properties should be checked:

  • No personal address
  • Spelling mistakes or unusual or wrong expressions
  • Direct prompt to open the attachment
  • Unusual sender: one you do not expect to receive an email from or who is unknown to you.

It is a good approach to always act cautiously when handling email and never to open email attachments of unknown origin. If possible, you should only be logged into your computer with a normal user account and not the administrator account, to prevent severe damage in case you inadvertently open an infected attachment.

 

Spyware

Spyware tries to collect any information about the user of an infected system (e.g. preferred websites, hobbies, contacts) and to deliver this information back to the originator of the spyware.
The intention behind the spyware is to deliver more targeted popups or advertisements that are tailored to the interests of the user. Spyware is very often a component of computer programs that are offered for free. It usually cannot be removed easily, as it is an integral part of the offered program. Therefore, caution is advised when installing any free programs.
Spyware is usually created by commercial companies. Normally the companies ensure, for legal reasons, that the spyware is pointed out to the user, but this might not be very obvious. It is recommended not to install a program that contains spyware.

Keylogger

Keyloggers are a very simple yet very effective type of malware. A keylogger attaches itself to the driver of the computer keyboard and stores every keystroke the user makes on the keyboard in a log file. Targets of interest are obviously login information and passwords for access to secured systems or encrypted files. Keyloggers, like viruses and worms, can be detected with the help of anti-virus software.

Phishing

Phishing is used to coerce or dupe the recipient of a phishing email into providing login information or other information. To "convince" the recipient, reasons such as "system changes", "upgrades of the user accounts", or irregularities with the account are very often given. The attacker's actual aim is usually to obtain the login information by exerting pressure on the recipient. Phishing emails can very often be recognized because they address the recipient in the wrong language (English instead of German or vice versa), contain spelling errors, or use unusual sentence constructions.

Once an attacker has gained the login information, the compromised accounts are misused for further criminal activities such as the mass mailing of SPAM emails or the illegal gathering of data from compromised systems.

Here is an example of a phishing email:

-- Phishing Email Example --
There will be a general upgrade in our system between October 15 to December15 2009.Due to the anonymous registration of uni-karlsruhe.de accounts and the numbers of dormant accounts,we will be running this upgrade to determine the exact number of subscribers we have at present.
You are instructed to login to your uni-karlsruhe.de and verify if your account is still valid and send immediately the following:
Userame:................................(Compulsory)
Password:...................................(Compulsory)
Date of Birth:..............................(Optional)
State:........................................(Optional)
...
Note that if your account do Login, send us the details or otherwise it means it has been deleted.Sorry for the inconveniences this might cause you,we are only trying to make sure you dont loose informations in your accounts.
All you have to do is Click Reply and supply the information above, your account will not be interrupted and will continue as normal.
Thanks for your attention to this request.Once again We apologize for any inconveniences. Warning!!! Account users that refuse to update their account after 5 Days of receiving this warning,user will loose his/her account permanently.
-- End of Phishing Email Example --
Be advised and keep in mind that neither the ServiceDesk nor staff personnel of the SCC will ever ask for any password via email, phone, or any other way.

In the event that you receive a request to provide your password via email, do not follow that request. Instead, contact the Computer Emergency Response Team of the KIT (KIT-CERT; cert at kit.edu), provide the dubious email to the KIT-CERT, and then delete the email. If you are contacted via phone and asked for your login information, do not provide the requested information. Instead, inform the KIT-CERT (0721 / 608-45678) immediately about the incident.
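
The warning signs listed on this page (no personal address, sloppy text, a direct prompt, pressure, a request for the password) can be turned into simple checks. The following is an added example, not part of the original page; the rule names and patterns are illustrative assumptions, `PHISH` is abridged from the email quoted above, and `BENIGN` is a constructed notice for comparison.

```python
import re

# Abridged from the phishing email quoted on this page (typos are the sender's).
PHISH = """\
There will be a general upgrade in our system between October 15 to December15
2009.Due to the anonymous registration of uni-karlsruhe.de accounts and the
numbers of dormant accounts,we will be running this upgrade to determine the
exact number of subscribers we have at present.
You are instructed to login to your uni-karlsruhe.de and verify if your account
is still valid and send immediately the following:
Password:...................................(Compulsory)
All you have to do is Click Reply and supply the information above, your account
will not be interrupted and will continue as normal.
Warning!!! Account users that refuse to update their account
after 5 Days of receiving this warning,user will loose his/her account
permanently.
"""

# Constructed legitimate notice for comparison.
BENIGN = """\
Dear Ms. Example,
the mail servers will be restarted on Saturday between 08:00 and 10:00.
No action is required on your part.
Regards, ServiceDesk
"""

# A greeting followed by something other than a generic word counts as personal.
GREETING = re.compile(
    r"^(dear|hello|hi|hallo|sehr geehrte[rs]?)\s+(?!customer|user|member)\w+",
    re.I | re.M)

RULES = {
    # The SCC never asks for a password, so a password field is a flag by itself.
    "credential_request": re.compile(
        r"^\s*pass\s?word\s*:|(send|supply|provide)\b.*\bpassword", re.I | re.M),
    "reply_with_data": re.compile(
        r"click reply|reply (to|with)|send (us|immediately)", re.I),
    "pressure_or_deadline": re.compile(
        r"warning!|immediately|permanently|(after|within) \d+ (days|hours)", re.I),
    # Missing space after "." or "," ("2009.Due", "accounts,we"); domains don't match.
    "sloppy_punctuation": re.compile(r"[a-z0-9]\.[A-Z][a-z]|[a-z],[a-z]"),
}

def indicators(text):
    """Return the names of the warning signs found in an email body."""
    found = [name for name, rx in RULES.items() if rx.search(text)]
    if not GREETING.search(text):
        found.append("no_personal_address")
    return sorted(found)
```

Every rule fires on the quoted email and none on the constructed notice; such checks support a human decision to report a message, they do not replace it.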

SPAM

SPAM was originally an abbreviation used in the American meat industry for "spiced pork and meat". Today SPAM describes the repeated mass mailing of unsolicited information and advertisements. SPAM is mainly sent via email. Special computer programs (so-called bots) scan the internet for email addresses and store them in databases. The bots look for typical characteristics of an email address, e.g. a sequence of letters containing "@" and a ".". One countermeasure is never to put an email address in plain text on a website. Instead, the address can be obscured like this: "Edward.Example at kit.edu". A person who is looking for your email address will be able to make the required adjustment and send you an email.

Weak Passwords

A password protects direct access to the computer system, over the network as well as locally. But if a password that is too simple is used (e.g. "Elvis"), it can be broken within seconds by an intelligent brute-force dictionary attack. To prevent this, a password guideline has been put into effect that enforces the use of strong passwords.

In general, every password can be broken. But determining a strong password like "TbC#jotgM0" takes an attacker much longer than determining a weak password like "Elvis" that can be found in a dictionary. A strong password can be created from a sentence by taking the first letter of each word of the sentence, e.g. "The blue cow jumps over the green moon", and adding some special characters.
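
Why "Elvis" falls in seconds while "TbC#jotgM0" does not can be checked with a few lines. This is an added example, not part of the original page or of the KIT password guideline; the wordlist is a constructed sample and the function names are chosen here for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"elvis", "password", "karlsruhe", "summer", "dragon"}

# Substitutions that dictionary attacks undo before looking a word up.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def dictionary_hit(password, wordlist=WORDLIST):
    """True if the password is a listed word after simple de-mangling:
    lowercasing, dropping trailing digits/symbols, undoing substitutions."""
    low = password.lower()
    core = low.rstrip(string.digits + string.punctuation)
    return any(c in wordlist
               for c in (low, core, low.translate(LEET), core.translate(LEET)))

def brute_force_bits(password):
    """log2 of the search space when every position must be tried, based on
    the character classes the password actually uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def initials(sentence):
    """First letter of each word: the starting point the page describes."""
    return "".join(word[0] for word in sentence.split())

def assess(password):
    """Summarise both attack routes for one password."""
    return {"dictionary": dictionary_hit(password),
            "bits": round(brute_force_bits(password), 1)}
```

A dictionary hit makes the bit count irrelevant: the attacker only has to walk the wordlist and its variants, which is why "Elv1s2009" is no better than "Elvis".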