Socially engineered Trojans provide the No. 1 method of attack (not an exploit or a misconfiguration or a buffer overflow). An end-user browses to a website usually trusted -- which prompts him or her to run a Trojan. Most of the time the website is a legitimate, innocent victim that has been temporarily compromised by hackers.
Usually, the website tells users they are infected by viruses and need to run fake antivirus software. Also, they're nearly out of free disk space and need a fake disk defragger. Finally, they must install an otherwise unnecessary program, often a fake Adobe Reader or an equally well-known program. The user executes the malware, clicking past browser warnings that the program could possibly be harmful. VoilĂ , exploit accomplished! Socially engineered Trojans are responsible for hundreds of millions of successful hacks each year. Against those numbers, all other hacking types are just noise.
0 comments :
Post a Comment