Malicious software and hackers populate the online world looking for people who fall for the same easily thwarted traps. These exploits and tricks focus mainly on users who are not interested in providing even a small attempt at security. People can be lazy and these hackers exploit that fact.
However, from time to time a new tactic is found that will surprise even the most hardened of online security professional. These are innovations in maliciousness and, for the most part, are as simplistic as they are devious.
Today's best hackers are as sneaky as they are devious. These attacks can originate from previous malware attacks or can be a totally new take on an old security trick. Either way, knowing what to look for will save you time and suffering.
Host File Redirect
Many active online users are unaware of the existence of a DNS-related file named Hosts. Located in the System32 file, the Hosts file includes textual entries that link typed domain names with the correct IP address. The original use for the Hosts file was to provide a way for DNS resolution on the local machine without having to make a DNS call. In most instances, the DNS works well and the Hosts file is not put into use. However, it still exists.
The problem stems from hackers and malicious software that make use of the Hosts file to change existing DNS assignments to a different IP. When this happens, the user can be sent to a different site that contains more malicious software or personal data phishing attempts. The redirected sites can look exactly like the true site, but with subtle differences.
File Name Tricks
File name tricks are an old standard of hacker tricks and has existed as long as malicious code has been used. The process behind the file name trick exists in hiding the true file name behind Windows OS procedures or expectation that users will not pay much attention. For example, consider a malicious file with the name "BSpearsNudePix" using multiple extensions after the name. The file would end up saying "BSpearsNudePix.Zip.exe" and because of a still-existing Windows process that hides the most popular file extensions, the last ".exe" might be hidden, leaving the file as "BSpearsNudePix.Zip."
A new version of this trick has recently been found. The trick uses Unicode characters to change the existing file name displayed to something else. A popular version of this is the "Right to Left Override," or U+202E, which can fool systems to take a file name like "BSpearsNudePixavi.exe" and then display the same file on your system as "BSpearNudePixexe.avi."
In order to protect yourself from file name tricks, be sure that you are aware of the full name of any file opened on your computer.
Fake Wireless Access Points
One of the easiest hacks to accomplish is the fake wireless access point. All it takes is a bit of software and a wireless card can mimic a public wireless access point while still connected to the actual free Wi-Fi point.
Consider how many times you have visited a coffee shop or other business that advertises free wireless and connected right away. In situations like these, a hacker can simply offer his system up as a surrogate access point with a name like "McDonalds Free Wi-Fi" or "Starbucks Wireless" and everyone in the area will connect right to it. The hacker then collects bits and piece of unsecured data while users believe they are safely surfing the free public Wi-Fi. It would scare you to know just how much information, like passwords, are transmitted in plain text.
The only way to be sure that the Wi-Fi you are using is the correct one is to confirm the SSID from a help desk or customer service representative.