- What is a cookie?
- How can a cookie threaten a computer?
A cookie itself cannot harm the computer, as it does not and cannot hold code (therefore the cookie cannot perform an action itself). However, the cookie can support (help) malicious actions to be taken on the respective system. Even more, being a plain text file, they are vulnerable, meaning that they can be “harvested” by other applications.
- Why is it necessary to scan cookies?
As already mentioned the cookies themselves cannot harm the computer. However they can contain certain information to lead a possible attacker to the respective computer. For example: we will consider that an attacker releases a Trojan in the wild in order to gain control over several computers. This Trojan’s payload contains in dropping a Backdoor (to open a port), changing the homepage of the browser and placing a “malicious” cookie in the browser’s cookie area. When the unsuspecting user launches the browser, then it automatically connects to the new homepage (namely the attacker’s website). Once this is done, the malicious cookie is being read and the attacker becomes aware of the fact that the computer is infected. By knowing this, it becomes a piece of cake to take over the computer using some exploits or the open port.
Let’s say that the user becomes aware of the infection and manages to remove the Trojan and the Backdoor from the computer. However, if the cookie remains on the computer, it can supply information again to the attacker if the user “manages” to access the untrusted web page again. The computer is therefore exposed once again to a possible attack.
As explained in the above scenario, the cookie is used to provide information about a computer but it is not responsible with the attack itself.
- Other type of malicious attacks using cookies
When talking about cookies it’s important to know how to protect cookies from other cookies or applications or how to protect a computer against cookie attacks. Due to the fact that cookies are necessary for browsing or the fact that the cookie traffic is invisible to the computer user, a “cookie control” module is needed to help the user. BitDefender Internet Security detects both viral and spyware attacks using the signature based mechanism. This feature is included in the default configuration of the product so that the customers are not required to perform further actions for this matter.