Tracking cookies

How can a cookie threaten my computer?

A cookie itself cannot harm the computer, However, the cookie can help malicious actions. Being a plain text file, they are vulnerable, meaning that they can be “harvested” by other applications.

Why is it necessary to scan cookies?

Cookies can contain information to lead a possible attacker to the respective computer. For example: if an attacker releases a Trojan in order to gain control over several computers. This Trojan’s payload contains dropping a Backdoor (to open a port), changing the homepage of the browser and placing a “malicious” cookie in the browser’s cookie area. When the unsuspecting user launches the browser, then it automatically connects to the new homepage (namely the attacker’s website). Once this is done, the malicious cookie is being read and the attacker becomes aware of the fact that the computer is infected. By knowing this, it becomes a piece of cake to take over the computer using some exploits or the open port. Let’s say that the user becomes aware of the infection and manages to remove the Trojan and the Backdoor from the computer. However, if the cookie remains on the computer, it can supply information again to the attacker if the user “manages” to access the untrusted web page again. The computer is therefore exposed once again to a possible attack. As explained in the above scenario, the cookie is used to provide information about a computer but it is not responsible for the attack itself.

Other types of malicious attacks using cookies

Cookies are vulnerable to third-party attacks. Recently virus analysts discovered exploits (Internet Explorer, Mozilla Firefox, JavaScript) that allowed an attacker to harvest information from cookies using either different cookies or the so-called spyware software (for example login information for different servers the customer might use).