Common types of malware delivery mechanisms:
alt="Security Malware Installation" vspace=3 align=right
src="http://www.it-toolkits.com/images/Securitymanual.gif"
longDesc="Security Manual Template - Sarbanes-Oxley">



  • Software updates: Malware posts invitations inside social
    media sites, inviting users to view a video. The link tries to trick users
    into believing they need to update their current software to view the video.
    The software offered is malicious.

  • Banner ads: Sometimes called “malvertising,” unsuspecting
    users click on a banner ad that then attempts to install malicious code on the
    user’s computer. Alternatively, the ad directs users to a web site that
    instructs them to download a PDF with heavily-obscured malicious code, or they
    are instructed to divulge payment details to download a PDF properly.

  • Downloadable documents: Users are enticed into opening a
    recognizable program, such as Microsoft Word or Excel, that contains a
    preinstalled Trojan horse.

  • Man-in-the-middle: Users may think they are communicating
    with a web site they trust. In reality, a cybercriminal is collecting the data
    users share with the site, such as login and password. Or, a criminal can
    hijack a session, and keep it open after users think it has been closed. The
    criminal can then conduct their malicious transactions. If the user was
    banking, the criminal can transfer funds. If the user was shopping, a criminal
    can access and steal the credit card number used in the transaction.

  • Keyloggers: Users are tricked into downloading keylogger
    software using any of the techniques mentioned above. The keylogger then
    monitors specific actions, such as mouse operations or keyboard strokes, and
    takes screenshots in order to capture personal banking or credit card
    information.

Resources
Post Your Resume to 65+ Job Sites
Resume Service

Post to Twitter Tweet This Post