According to our virus dictionary, a worm is one of the most common forms of malware. They exploit network flaws to spread larger threats and build on an operating system that spreads malicious code to other computers.

Worms can also damage connections, slowing down the internet and computer. Worse still, they can delete files from your hard drive and be difficult to defeat once they have penetrated your system (as they can usually get through most firewalls).

In this post, you will learn more about worms — and how to protect yourself from this threat.

What makes a worm?

A worm is a type of malware that, unlike common viruses , can self-replicate without the need to infect legitimate files, thus creating working copies of themselves. This capability enables worms to easily spread across computer networks and USB drives.

Some worms also spread through email messages, creating malicious attachments and sending them to the hacked account’s contact lists, often in the form of phishing.

How Worms Work

After spreading and gaining access to systems, some worms look for patches and security updates to close the holes they use. This prevents other malware from infecting the system using the same flaw – ensuring the worm’s exclusive control of its domain within the system.

These worms can also delete and modify files. Sometimes the point is just to make copies of itself over and over again – using up system resources (like hard drive space or bandwidth, hogging a shared network). In addition to wreaking havoc on a computer’s resources, worms can also steal data, install a backdoor, and allow a hacker to gain control over a computer and all of its system settings.

Worms are back to being used in SPAM

Popular around 2003 with the Bagle family, worms sent via SPAM to email accounts are once again being used by cybercriminals. The technique often uses zipped, password-protected files to distribute malware.

Because it is password protected, many antivirus programs are not able to scan files, and many security suites do not scan zip files, so they easily pass through the email security gateway.

A recent reappearance of this method for stealing data took place in Italy and was aimed at customers of Grupo Bancario Iccrea. The e-mail contained a password-protected HTML file, but with the access code included in the body of the e-mail.

When clicking, the user was invited to enter the code in the email to access the page. By informing the e-mail password, the user was directed to another page where he or she would enter credit card information, giving a false sense of security.

The reuse of this malware can represent a major threat world-wide, as more and more people have access to computers and are spending time in the virtual world, but are unaware of past threats and ways to protect themselves.

How to know if your computer has worms

If you suspect that your devices are infected with a worm, run a threat scan using your security solution immediately. Even if the verification is negative, follow the steps below.

1. Keep an eye on your hard drive space. Remember: when worms replicate themselves over and over again, they start taking up free space on your computer.

2. Monitor your machine’s speed and performance. Is your device slower lately? Are some of your programs crashing or not working like they used to? This could be a sign that a worm is consuming your processing power.

3. Be on the lookout for new or missing files. A common function of worms is to delete and replace files on a computer.

Main types of worms

The list below presents some of the most popular types of worms:

• Sobig: emerged in 2003 and was reactivated in 2013, Microsoft offered a reward to discover its creator.
• Conficker: It is most common on personal computers, blocking access to information security sites and spreading quickly over the network or USB devices. The pest is still active, but it can now be more easily removed by advanced security solutions.
• Mydoom: appeared in 2004 with rapid propagation and was generated by infected computers and through e-mail messages.
• Doomjuice: Uses a loophole created by Mydoom to infect computers.

How to protect yourself from worms

Worms are just one example of malicious software. To help protect your computer from them and other online threats, read and heed below!

• As software vulnerabilities are the main infection vectors, make sure your computer’s operating system and applications are updated to the latest versions. Install these updates as soon as they become available, as updates often include patches for security flaws.
• Phishing is another popular way for hackers to spread worms (and other malware). Always be extremely cautious when opening unsolicited emails, especially those from unknown senders that contain attachments or links. Don’t forget to activate your email service’s SPAM filters.
• Make sure you invest in a strong security solution that can help block these threats. A good product should have anti-phishing technology as well as include defenses against viruses, spyware , ransomware and other online threats. dfndr enterprise is an excellent choice for you or your company, as it uses advances in artificial intelligence to simulate and predict all types of attacks (including all the latest worms).

In practice, spoofing is used by hackers to achieve numerous goals, such as getting sensitive information from their targets, or gaining access to restricted digital environments from which they can launch additional attacks (such as ransomware) — and much more.

How does spoofing work?

It is possible to commit a wide variety of crimes by using information obtained through spoofing activities. Just imagine what a hacker or cybercriminal might do if they’re able to convincingly impersonate a company or another person.

A well-engineered spoof can take over the domain of an email or website to approach a possible victim, or gain access to internet protocols or IP addresses (which act as an identifier for computers connected to the network). Thus, it’s possible to have access to a person’s applications, get hold of their confidential data (whether personal or banking), and a spoofer can even send messages on their behalf.

This type of scam is not new, but its methods and purposes vary and increase every day.

What are the dangers of a spoofing attack?

With the possession of sensitive data, criminals can carry out a series of financial transactions using the spoofing victim’s name. Sometimes this transaction can be done with the leaked credit card details, and sometimes they can impersonate the victim in order to get credit, money from people they know, or make debts on their behalf.

A spoofer can also monitor your activities, gain access to messages sent from your device, and even sell the data they obtain to other companies.

What are the types of spoofing?

Now that you know what spoofing is, it is important to understand that this type of attack can take many forms, from the simple to the complex. Here are a few of the main forms spoofing can take:

email spoofing

Probably the most typical model occurs when an attacker uses an email to trick the recipient into thinking the message came from a trusted source. Typically, this is done in one of two ways: by removing the sender field (so that it is not possible to know who sent it), or by disguising known addresses from unknown senders.

For example, a lowercase “l” and an uppercase “I” are practically impossible to identify in a sender’s address. This type of message can also be sent via SMS (known as “smishing”), or through social media messages and other channels.

spoofing website

Website spoofing occurs when an attacker uses elements of a known page to create a similar or virtually identical copy, often displayed within a context that makes sense.

The idea is for the victim to put their information into the impostor website so that it is intercepted by the attacker.

IP Spoofing

IP spoofing is one of the more sophisticated attacks, looking to mimic a more technical point. It’s probably a type of attack that the user’s rarely even see, as the goal is to trick the system itself.

For example, a network can be configured to authenticate users according to their IP address. If the attacker manages to disguise the IP and trick you, their access is easily granted.

DNS Spoofing

The idea of ​​DNS spoofing is similar to the previous one. As you may well know, DNS (Domain Name Server) is a system that helps you translate website addresses into IPs. With DNS spoofing, attackers are able to trick the system and redirect traffic to an IP they control.

A simple metaphor can make this example clearer: just imagine that DNS are the signs on the streets, which indicate where a driver needs to go. With spoofing, a criminal “swaps” the street signs, with the aim of taking drivers wherever they want.

Facial Spoofing

This is a different strand of spoofing, with a similar principle. More and more, facial recognition models are becoming popular (to unlock smartphones, for example). For this approach, it’s common for hackers to use photos or videos of the person, with the aim of tricking the system and pretending that they are indeed there.

Good artificial intelligence may offer protection here, because it will be able to identify whether a person is trying to access that system or not.

Spoofing on social networks

Telegram, WhatsApp, Instagram and any other online service of the same category can also be used as a vehicle for spoofing.

In these cases, the victim has their account hacked, and cybercriminals use their profile or account to contact friends or family. Generally, these people simulate some emergency situation to ask for money, or they’ll announce products for sale (at extremely low prices) — but the products don’t even exist.

Telephone spoofing

Telephone spoofing calls can happen when someone impersonates a company or an institution over the phone. This usually happens through a service called Voice over Internet Protocol (VoIP), which is used to transmit online calls and spoof the number or name to be displayed on the caller ID.

So be suspicious when your cell phone shows a call with a certain name, but from some number or locale you don’t recognize

How can you detect spoofing?

Detecting spoofing yourself is possible, but as we’ve noted, it’s not necessarily easy. 

However, there are some signs that can help identify this type of attack.

Look for English and grammar errors in messages. These can be more serious grammatical errors, such as wrong words, or more subtle, such as certain inconsistencies or strange structures. 

Make it a habit to always check the links you are clicking or the email address of senders. Look for any unusual changes, however small. Look closely and compare the domain if you can. 

On smartphones, you can place your finger on links for a few seconds, so that a preview window of the content opens, as well as the link;

Note if your browser does not automatically fill in your information (if it usually does) Especially on a site you visit frequently, this may be an indication that you are on a spoof site instead.

Confidential information such as credit card numbers, passwords should only be shared on secure and encrypted sites using HTTPS at the beginning of the URL.

If an email looks sketchy, do a Google search for the content of the email itself. If it’s a known scam, it will likely turn up. 

Use the dfndr lab link checker. This is a free tool that tells you in a few seconds if a link is trustworthy or not.

How to protect yourself from spoofing?

Even if you follow all the tips above, protecting yourself can be hard to do. The big problem is that most folks won’t be able to closely observe all these details and stay aware on a daily basis.  And this is exactly what hackers count on.

Imagine someone who is going through an extremely busy day, doing a thousand things at once, who receives an email with these subtle changes. The chance of the person stopping to look and detect these errors is small. Hackers know that it is virtually impossible to be alert 100% of the time.

Of course, it’s best not to click on unfamiliar links or attachments coming from emails you’re not sure where they came from. However, as we mentioned throughout the post, the purpose of spoofing is precisely to disguise these attacks as something familiar and reliable.

Another big problem with modern companies is underestimating hackers. Attacks are no longer made by a single person wearing a hood, in a dark basement. There’s a lot of strategy and sometimes large organizations behind these hacks, resulting in attacks that are extremely sophisticated and very difficult to identify, as we have discussed in the examples above.

One option is to avoid clicking on direct links. For example, if you receive an email, an SMS (Short Message Service) or a call from your bank notifying you of a problem, avoid clicking on the link. Access the direct website or the app to confirm the information.

In cases involving social media intrusions or phone line cloning, it is important to be cautious when opting for two-step verification. Several applications already provide this option in their menu to enhance your security.

By creating extra phases for your login in communication apps, a spoofer will not have access to your message history (even if they have access to the confirmation code needed to login) and will certainly find it more difficult to hack your account.

Finally, it’s important to use some security solution (like dfndr enterprise) on your computer to make sure that the pages you access really are trustworthy. A software based on artificial intelligence will have more resources available to assess the security of your network, block potential threats, and protect your device before it becomes the target of an attack.

Did you learn something from this post? Now that you know what spoofing is and how to protect yourself from it, take the opportunity to subscribe to our newsletter. 

Then you’ll have access to more first-hand safety tips, right in your email!

The ph prefix means that both are…well…phake.

But despite the cute names, the damage that can be wrought with either method is considerable. Identity Theft is the end game for many of these swindles, and as you may know, the long tail effects of ID theft can be personally devastating (and if you’ve never really experienced or read-about just how hard ID Theft can be for individuals, we highly recommend reading through that linked article. Not fun, but essential information).

While phishing attacks are made through phishy emails, pharming is the term applied when the hacker sets a trap in the form of a malevolent website: frequently, an impostor-site posing as a well-known and trusted company site. 

Pharming: Individual User Attacks

Phishing and pharming often go together – and the phishy email lures a single user to a malicious website, where the user enters their private information and the pharmer makes off with it, using it later to sow havoc by deploying it on the real site.  

Sometimes these sites are simply set up like traps on the web – you may have encountered one or more of these by simply misspelling the name of a popular site. The result may be a jarringly different site than what you expected. 

In truth these situations are relatively easy to avoid.  But sometimes the site you’re delivered to can be very close to what you expected, and that’s where real pharming trouble can begin.

Malware can drive pharming too – redirecting you to the substitute site without your awareness or permission. It’s important to remember that hackers are increasingly fond of using techniques of misdirection. You may inherit malware through a new app you download, but the consequences arrive later, when you first log on to your bank-site or try to pay your credit card bill, and the malware takes you to an impostor site to steal that information from you.

DNS Switching  

DNS switching takes the whole pharming idea to a more dangerous height. Whereas the malware or phishing-driven pharming operates at an individual user level, DNS Switching redirects all traffic to a given website to a pharmed-out impostor. 

The malware works within the DNS server and redirects requests to reach the authentic site to the pharming site. These more sophisticated attacks often involve more sophisticated fakery, and the pharming sites can be very convincing.

How To Protect Yourself, Down on The Pharm

As always, there are a few different layers of protection you can enlist to keep yourself from pharming — and the more of them you employ, the safer you’ll be:

Mindset: Your mindset as a user is one of the best defenses you have against hackers. Remember that hackers are fond of using social engineering – which some might refer to as “good old psychology” — to lure users into interactions with iffy emails, sketchy sites, and strange-people on well-known platforms. Keep your guard up, and if somebody, something, or some site asks you for information that your bank or health club or grocery-delivery (etc.) already should have, let that alarm bell go off loudly in your head. Then take three giant steps away from your keyboard. 

If your spider-sense has even an inkling that an email from a friend or a site isn’t the real deal: slow down and check it out. In general: try not to confer the trust you have in a person or company onto any representation made for them on the web. The web is…the web. And it should always be treated with caution.

Unprotected?: Public, unsecured wifi networks really are the devil’s playground.

The upshot is that public networks have chinks in their armour, and hackers use those chinks to “eavesdrop” on your conversations. Information they steal through this technical kind of listening can lead to direct attacks, or…down the road, a phishing or pharming attack tailored just for you. 

S matters: There’s a big difference between http:// and https:// — the difference is that “s,” which stands for secure. When you see the full https://, it means that information on both ends of the website transaction is encrypted and secure. When you don’t – that may not be the case. This is such a widely accepted standard now that the absence of that s should put you on high alert.  

Phishy?: If it looks or sounds phishy, it probably is. It might also be pharmy. Here’s an example of what we mean: in one of the biggest pharming attacks ever launched, a DNS Switching attack on more than 50 financial institutions, the affected users were presented with an error screen that asked them to switch off their anti-malware and any firewall protection they might be running. Many users simply complied, and provided access to the pharming malware to do the rest of the work. 

This obviously relates to our mindset discussion as well, but we wanted to emphasize that even very sophisticated pharming attacks will sometimes rely on users turning off systems of defense: whether it be their own mindset, or settings in place on their computer designed to protect them!

Speaking of Defense…  

Of course one of the essential bits of protective equipment is a good security software solution. dfndr Pro provides several excellent tools to help you protect not only your private information but your physical phone as well. Having that combination of protections is important. 

Pro also offers a Safe App function that enables you to screen any app you might want to try before downloading it, and that can be an excellent first line of protection from malware of all types – including those that are designed expressly to uh, ”take you down on the pharm.” 

With your mindset on high-alert, and your phone protected with a well-designed, and multi-layered security capability, you can move about confidently. Just be careful out there, and try not to get any mud on your shoes!

The film tells the story of a conman who uses the Tinder app to insinuate himself into the lives of three female victims. In the film, Simon Leviev sets up elaborate romantic cons to appear as a wealthy diamond heir, then uses the trust he has gained to steal information, then money – only to use that money to fund the con for his next victim.

It’s a taut and dramatically told story, but without a clear moral or ending. (The New York Post has reported that Leviev has signed with a Hollywood agent, and “wants his own dating show.”)   

How To Stay Safe: Five Scammer Prevention Keys

But the moral for users of Tinder — and social media in general — are still the same: proceed with caution!  Below are a Five Keys to help you stay safe as you navigate dating apps like Tinder — they’re also useful guidelines for people you might meet on any other social app like Facebook:

• Do some research — and take your time. Before meeting in real life with anyone you’ve met online, take the time to do a little background research and find out if the person you’re speaking to is who they say they are. 

• Consider bringing a friend for the first date(s), and meet in public. Yes, this will keep you safer, and it might also help provide a more casual atmosphere where you can learn a little bit more about your new friend.

• Be sensitive about peculiar information requests. Spoiler alert: The Tinder Swindler orchestrated reasons to get Passport information, and then quickly put it to nefarious use. Whatever the reason given, a quick pivot to requests for detailed personal data is always a sure warning sign, especially in a new relationship.

• Keep your purse, phone, and ID’s close. Don’t overlook simple physical sources of data like these. Don’t leave them unattended. 
• If you have any suspicions, check in to things. If anything seems odd in terms of your interactions, don’t bury your head in the sand. A good security solution like dfndr security can help you track where your data is going and also protect your physical phone from theft. Stay on top of your bank and credit card accounts.

Remember: Most Scammers Don’t Do A Lot of Romancing

The Tinder Swindler is also a healthy reminder that most scams are not quite as elaborate as those cooked up by Simon Leviev.  But most scams operate on the same human emotions of romance and self-interest. 

Set some clear rules for yourself in the dating world – and also for when you’re answering emails and text messages — or when you’re looking for work on a job site.  If it looks too good to be true – it probably is!