7 Common Targets of Stealth Threats

QuickTime Concerns

The Threat

We sometimes forget that there are Apple products on the Windows PC -- and those need to be regarded with the same sort of scrutiny as any other application. A big part of the concern is, again, ubiquity: Many PCs have QuickTime or iTunes installed, and most of us don't think of those things as potential security holes. However, various exploits have been documented in both the Mac and PC versions of QuickTime.

The Mechanism

Two examples: In 2007, a nasty buffer overflow exploit affected just about every extant version of QuickTime on both Windows and Mac machines. And another bug was found in 2008 with similar properties. (Want more examples? Search US-CERT using the keyword "QuickTime" to see many more such exploits.)

The Prevention

Apple does have an automatic updater for its software in Windows, so PC users should keep QuickTime updated. Also, keep the number of file types associated with QuickTime itself to a minimum -- most people just use it to play QuickTime files and nothing else anyway, so this helps limit the available attack surface.

Obfuscated URLs

The Threat

URL-shortening services like bit.ly or is.gd have become all the rage with the rise of Twitter and Facebook. They're also a great way to slip someone a digital Mickey Finn: What better way to hide an attack than to not even let people know the actual URL they're clicking on?

The Mechanism

URL shorteners generally perform no safety checking on the links they process. Also, shortened URLs tend to be passed around from user to user without much thought for whether or not they've been sanitized. Consequently, someone can pass you a direct link to malware or to an infected site, and folks with a blind click-first reflex may end up taken somewhere they don't want to go.

The Prevention

LongURL is a site that lets you paste in a short URL and expand it to see if you're dealing with something malicious. If copy-and-paste is too much hassle, they also provide an add-on version of the service for Firefox, which shows you the long version of the URL when you hover over a shortened link. LongURL also offers a set of APIs that can be integrated with things like jQuery, so people who integrate link-shortening tools into their own sites or programs can make use of such tools, too.

In addition, many Twitter clients -- such as TweetDeck and Mixero, to name two -- have a preview function that shows the long form of a shortened URL so that you can see what you're about to click on.
