Cyber Security Tip ST06-006
Understanding Hidden Threats: Corrupted Software Files
Malicious code is not always hidden in web page scripts or unusual file
formats. Attackers may corrupt types of files that you would recognize and
typically consider safe, so you should take precautions when opening files
from other people.
What types of files can attackers corrupt?
An attacker may be able to insert malicious code into any file, including
common file types that you would normally consider safe. These files may
include documents created with word processing software, spreadsheets, or
image files. After corrupting the file, an attacker may distribute it
through email or post it to a web site. Depending on the type of malicious
code, you may infect your computer by just opening the file.
When corrupting files, attackers often take advantage of vulnerabilities
that they discover in the software that is used to create or open the file.
These vulnerabilities may allow attackers to insert and execute malicious
scripts or code, and they are not always detected. Sometimes the
vulnerability involves a combination of certain files (such as a particular
piece of software running on a particular operating system) or only affects
certain versions of a software program.
What problems can malicious files cause?
There are various types of malicious code, including viruses, worms, and
Trojan horses (see Why is Cyber Security a Problem? for more information).
However, the range of consequences varies even within these categories. The
malicious code may be designed to perform one or more functions, including:
* interfering with your computer’s ability to process information by
consuming memory or bandwidth (causing your computer to become
significantly slower or even “freeze”)
* installing, altering, or deleting files on your computer
* giving the attacker access to your computer
* using your computer to attack other computers (see Understanding
Denial-of-Service Attacks for more information)
How can you protect yourself?
* Use and maintain anti-virus software – Anti-virus software can often
recognize and protect your computer against most known viruses, so you
may be able to detect and remove the virus before it can do any damage
(see Understanding Anti-Virus Software for more information). Because
attackers are continually writing new viruses, it is important to keep
your definitions up to date.
* Use caution with email attachments – Do not open email attachments that
you were not expecting, especially if they are from people you do not
know. If you decide to open an email attachment, scan it for viruses
first (see Using Caution with Email Attachments for more information).
Not only is it possible for attackers to “spoof” the source of an email
message, but your legitimate contacts may unknowingly send you an
infected file. If your email program automatically downloads
attachments, check your settings to see if you can disable this feature.
* Be wary of downloadable files on web sites – Avoid downloading files
from sites that you do not trust. If you are getting the files from a
supposedly secure site, look for a web site certificate (see
Understanding Web Site Certificates for more information). If you do
download a file from a web site, consider saving it to your computer and
manually scanning it for viruses before opening it.
* Keep software up to date – Install software patches so that attackers
cannot take advantage of known problems or vulnerabilities (see
Understanding Patches for more information). Many operating systems
offer automatic updates. If this option is available, you should enable
it.
* Take advantage of security settings – Check the security settings of
your email client and your web browser (see Evaluating Your Web
Browser’s Security Settings for more information). Apply the highest
level of security available that still gives you the functionality you
need.
Related information
* Securing Your Web Browser
* Recovering from Viruses, Worms, and Trojan Horses
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Note: This tip was previously published and is being
re-distributed to increase awareness.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST06-006.html