Alan sez, "EFF's Deeplinks blog brings us an update on what we know (so far) about how the NSA has been deploying malware onto servers and peoples' computers.
The template for attacking people with malware used by the NSA is in widespread use by criminals and fraudsters, as well as foreign intelligence agencies, so it's important to understand and defend against this threat to avoid being a victim to the plethora of attackers out there.
Once a victim visits a malicious website, how does the attacker actually infect the computer? Perhaps the most straightforward method is to trick the user into downloading and running software. A cleverly designed pop-up advertisement may convince a user to download and install the attacker's malware, for example.
The NSA has a set of servers on the public Internet with the code name “FoxAcid” used to deploy malware. Once their Quantum servers redirect targets to a specially crafted URL hosted on a FoxAcid server, software on that FoxAcid server selects from a toolkit of exploits in order to gain access to the user's computer. Presumably this toolkit has both known public exploits that rely on a user's software being out of date, as well as zero-day exploits which are generally saved for high-value targets. The agency then reportedly uses this initial malware to install longer-lasting malware.
Once an attacker has successfully infected a victim with malware, the attacker generally has full access to the user's machine: she can record keystrokes (which will reveal passwords and other sensitive information), turn on a webcam, or read any data on the victim's computer.
They also have some good, sensible suggestions for keeping yourself safe."
How The NSA Deploys Malware: An In-Depth Look at the New Revelations