Different Ways Cookies Can Put Your Information at Risk
A cookie is a mere piece of information and not a program code or a plug-in, so it does not act maliciously on computer systems. Cookies can not be used to spread malware, spyware or adware nor can they access your hard drive to find out information about you.
However, cookies can be a threat to privacy only when you give any sensitive information, such as credit card details, or other personal information which will most likely be also stored in a cookie unless you have the feature turned off in your browser. Some security issues associated with cookies include:
Cookie poisoning is performing of unauthorized modification of data stored inside the cookie. This can be easily performed with the help of tools available from internet. Most websites store secure cookies but still there are websites that apply poor encryption on cookies, which can be easily decoded. A good example of cookie poisoning is to attack a shopping cart on a website to change the total shopping cost to a huge discount.
Worms & Trojans
Worms such as Lohack and NetSky, which are associated with mass-mailing are capable to search and collect email addresses to text files and this can also include a user’s cookie.
Often Trojans are used to help steal a user’s cookie, which could be related to banking and contain sensitive information.
An attacker could insert a malicious code to a legitimate and vulnerable website and when visitors come to the site, all get automatically redirected to another site where a malicious cookie stealer code awaits. The attacker then uses the stolen cookies to steal user’s online identity. These kinds of exploits and attacks are known as 'phishing', in which links can look legitimate, however it is not.
Backdoors can also be used to steal cookies associated to banks or online shopping sites such as eBay, Amazon, Kindle etc.