Many computer users often dismiss security best practices because they find them inconvenient, they have never been affected in the past, or because they think the rules don’t apply to them. Many cling to the misguided belief that because they don’t bank or shop online, bad guys won’t target them. This post examines some of the more common ways that cyber criminals can use your PC.
Web/Email Serving – Criminals commonly use hacked PCs as a host for a variety of schemes, including:
- Spam Web sites
- Phishing Web sites
- Malware infected sites
- “Warez/Appz” servers which host pirated software and movies.
- Child pornography servers
Zombie Attacks – Infected PCs also frequently are turned into zombies designed to carry out many tasks for cyber crooks, such as:
- Relaying junk e-mail
- Participating in DOS (denial-of-service attacks) designed to overwhelm web sites by pelting them with massive amounts of bad traffic.
- Engaging in “click fraud,” which uses fake mouse clicks on networks of phony Web sites that siphon money from advertisers.
E-Mail Attacks
An infected PC potentially has great value to spammers and attackers beyond simply acting as a relay for junk e-mail. For example, compromised systems are often harvested for e-mail addresses that will be sold and used in future phishing and spam attacks.
Account Credentials
Any stored credentials particularly user names and passwords for online services are fair game on hacked PCs. Credentials for voice-over-IP or Internet-based telephone services like Skype also are a hot item on underground cyber criminal forums, because they can be used to mask the caller’s location and aid in a variety of scams.
Credentials that victims use to administer Web sites even social networking site web pages can be of huge value to cyber crooks. Stolen file transfer protocol (FTP) credentials, for example, give attackers control over the victim’s site, which is often then use to host malicious programs or other illicit content that helps further a variety of online criminal schemes.
Finally, credentials that allow access to the network of the victim’s employer or company can be of great interest to digital thieves. Many companies allow important private information to be accessed with simple credentials and criminals can grab a high price tag for this leaked information.
Financial Credentials
When casual Internet users think about the value of their PC to cyber crooks, they typically think stolen credit card numbers and online banking passwords. But as we have seen, those credentials are but one potential area of interest for attackers.
This list simply highlights the major reasons that hackers look to gain control of your computer but this list is ever evolving. Staying on top of security with the latest Windows or MAC operating system updates, Antivirus updates, spyware/malware updates & frequent scans are the only way you can minimize your exposure.
Ask StoneHill how our Managed Service solutions can automate these tasks for you and keep your company protected.
Tags: account credentials, click fraud, denial of service, DOS, financial credentials, hackers, managed services, phishing, spam, virus, Zombie Attacks
