In an embarrassing blow to an Indian anti virus software maker, hackers compromised its website and turned it into a host for malicious code. This fact came to light when another security company, AVG, spotted the malicious code emanating from the download site for AvSoft’s SmartCop, an anti-virus software package.
The hackers used an exploit called ‘iFrame injection’ to hack into the site. Using this technique, attackers open an invisible iFrame window within the victim’s browser that redirects the client to another server. The other server in turn, launches attack code that attempts to install malicious software on the victim’s computer. In this particular case, it was the Virut virus.
Victims take heart because Virut exploits only well known vulnerabilities, which implies that users who are running anti virus software on fully patched systems will most likely be not affected.
Read the details about the hack from here.
This is not the first time though that a high profile Indian corporate site was hacked into and used as a launch pad for compromising visitors machines. Earlier, Bank Of India website was also similarly compromised by Russian hackers even though the trust-brokering sites continued to rate BOI website as safe and free of malware to the visitors.
The moot question here is, is there a way to protect yourself 100% from malwares and viruses online?
Stopping short of using the internet completely, there is no sure shot way to guarantee this.
However there are smart ways and means through which you can at least ensure that chances of your computer getting infected are minimized.
Virus, Trojans, Malware
Other than the basic advice, like keeping the computer anti virus definitions up to date, try and avoid clicking on shady links or something which you are not sure of. Even though in cases like BOI and AvSoft, there is no way the bank customers could have protected themselves.
As far as phishing scams are concerned, the way I protect my computer is by ensuring the URL is exactly what its supposed to be and not by clicking on something I got in an email or social networking site. Another popular way is to install Google page rank tool. Usually all genuine websites have a high page rank and obviously the fake site would have no rank (or minimal rank). So if you came across, lets say a fake Facebook login page, a quick glance at the low pagerank bar should be enough to raise a red flag in your mind. Pagerank comes as part of the Google tool bar.
Key Logging Software
Key logging software is another tool used by professional hackers to hack into the victim’s machine. Using social engineering techniques, the program would be installed on your computer. As you type, the key strokes are logged and eventually mailed to the hacker. Using the log file, the hacker can come to know your passwords.
How do you protect yourself in the above case?
May look complicated but the solution is actually quite easy. The trick lies in how you enter the password. Lets say your password is – Brandon-123! Instead of linearly typing the password, do the following. First type ‘B’ and the ‘!’. Now use the mouse to place the cursor in between the typed characters. Remember, key logging software can log your key strokes, not the mouse. Once the cursor is in between the two characters, type the remaining password. What the hacker would get to see is – B!randon-123.
(If the hacker is a tough nut, the password can still be broken. But at least you made the job difficult).
I gave you a simple way, you can further complicate the sequence in which you enter the password like entering the first three chars, then last two and finally using the mouse to place the cursor in between. This should further befuddle the hacker but on your part do make sure that the password is long and random.