You don't hear it in the news much, but corporations and nation-states
are being targeted today by client-side attacks with the intent of industrial espionage
and stealing secrets. This is sometimes referred to as spear phishing.
NOTE More information on spear phishing can be found at the following
URLs:
www.microsoft.com/athome/security/email/spear_phishing.mspx
www.pcworld.com/article/id,122497-page,1/article.html
Client-side vulnerabilities are especially effective in spear phishing attacks because an
attacker can easily choose a set of "targets" (people) and deliver a lure to them via e-mail
without knowing anything about their target network configuration. Attackers build
sophisticated, convincing e-mails that appear to be from a trusted associate. Victims click
on a link in the e-mail and end up at evil.com with the attacker serving up malicious web
content from an attack web server to the victim's workstation. If an attacker has found a
client-side vulnerability in the victim's browser or a component used by the browser, she
can then run code on the computer of any specific person whose e-mail address is known.
Internet Explorer Security Concepts
To understand how these attacks work, it's important to understand the components
and concepts Internet Explorer uses for a rich and engaging browsing experience.