Today, the most common method of luring victims into a botnet involves client-side exploitation, and I expect to see even more of it as we move through 2007. In these attacks, the bad guys send content via email or by hosting it on Web pages. This content, often Microsoft Word documents, PowerPoint presentations, PDF documents and the like, should not be executable. In these cases, the attacker's file is carefully formatted to exploit...
a vulnerability in the associated document-reading application. A huge number of vulnerabilities have been discovered in these applications recently.
Most users have been educated to avoid running attachments that contain executables, and many organizations' mail servers even filter out executable attachments. But with an exploit for a normal document-viewing application, any type of attachment can contain executable code. Thus, users who would never run a .exe might get infected by viewing a .doc, .ppt, PDF or other file type. It's a sad state of affairs, and I expect that we'll see much more of that infection vector in 2007.
Related Q&A from Ed Skoudis, Contributor
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.