Microsoft Latest Watering-hole Attack Victim

Security Danger SignKnow what a watering-hole attack is? It refers to attackers compromising a website and using it to serve malicious code, in advance of their desired target visiting the site. The watering-hole technique has been used in numerous attacks, including exploits of Google committed by the so-called Aurora gang. This technique has also been used in the recent past against Apple, Facebook, and Twitter.

Using malicious Internet sites to infect computers is not new; phishing attacks lure computer users to malicious sites to be infected all the time. However, watering-hole attacks are a bit different in that the compromised website is usually one that specifically targets employees of companies whose computer networks the bad guys want to ultimately infiltrate.

According to an Information Week.com article, in the Microsoft attack, the compromised website was one that software developers frequently visit. In this way they were able to target Microsoft programmers, and other programmers who visited that site, to  infect their computers. But the end game in these attacks is to then infect the computers and networks of the company the programmers work for the next time they use that computer at work. Why programmers? Because they usually have a high-level of security authorization for their company’s networks and systems; thus allowing the malware their computers now carry to assume that security authorization and use it to infiltrate the company’s networks to locate and steal company secrets, software, and anything else they find of value.

Reference: Microsoft Hacked: Joins Apple, Facebook, Twitter

Be very careful…it’s dangerous out there.

Please comment on this article; we all learn from each other when our views and opinions are shared.

I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.

Remember, personal computing is a blast…keep it productive and enjoyable.

Best regards,

Paul

paulsinternetsecurity(at)yahoo.com

I’m also on Twitter, @PaulsInternet.

Images courtesy of FreeDigitalPhotos.net and FreeByte.com

Advertisements

Leave a comment

Filed under Cybercrime, Facebook, Google, Internet Security, malware, Warning

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s