There has been a significant increase in phishing attacks on both PCs and Macs. Read the full story from Ed Bott of ZDNet at http://www.zdnet.com/blog/bott/new-wave-of-phishing-attacks-serves-malware-to-pcs-and-macs/4648?tag=nl.e539
Posts Tagged ‘malware’
Hey football fans! There’s a new “virus” targeting your computer! Sorry, not you Steelers, Giants and Panthers fans, this “virus” is targeting the other football fans – World Cup fanatics.
As the World Cup tournament for 2010 gets ready to kick of in South Africa, a new computer infection has been released. The malware is part of an attachment sent by email. The email references the World Cup tournament this summer and offers a free tourism guide for the nation of South Africa, the host of this year’s competition. The attachment is a PDF document and uses a security issue in Adobe Reader to infect the victim’s PC. While this infection has not been a big problem in the US, other parts of the world are being hit harder because of their love for the World Cup tournament.
Updates for Adobe Reader have been released to fix the security issue but software that has not been updated is still vulnerable. Make sure you update your applications on a regular basis, update your antivirus software and avoid unexpected attachments.
Protecting your computer can sometimes seem a daunting task but many common-sense precautions can take the bite out of a malicious attack. It’s not whether or not your computer will become infected but when will your computer be the subject of a malicious attack and are you prepared. Computer viruses can get to your computer through downloaded Internet files, unsolicited internet pop-ups, your e-mail (including spam), through the network on which your computer resides, and from files on removable media (such as floppy disks, external hard drives, CD-R disks, and flash drives). First and foremost, know what files you are accessing and where they’re from. If you are using floppy disks to share files with others, make sure you write-protect the disks to prevent additional files, such as viruses, from being added without your knowledge. Secondly, keep up with all the patches and updates needed by your operating system and other applications such as antivirus software. Lastly, create a very strong username/password combination and backup your data. These three simple steps are the foundation of a strong protection effort against malicious software and can turn a potentially disastrous malicious attack into a minor inconvenience.
Protecting your computer from malicious software requires that you properly identify the source of the files and applications that you access on your computer. Malicious software programmers often use hooks to trick you into opening and installing their creations on your computer. This commonly involves an internet pop-up, a “free” software offer, or an e-mail with an attachment. These devices often contain the malicious software code so the creator will try to fool you into opening the software which then installs onto your computer.
Websites which have desirable downloads may also download additional software without your knowledge. During the installation of downloaded software, watch for the checkmarks and make sure you’re not installing additional applications that you don’t want. While many of these additional downloads are not malicious in nature, they can slow your computer’s operation. Additional toolbars are really big right now; these range from the old Yahoo and Google toolbars to the new Bing and Crawler toolbars. Just take your time when doing an installation and read the applet windows to know what you’re installing.
Also remember that every time you visit a website, a cookie is sent to your computer via your browser and bounced back to the originating web server. Cookies have been the concern of Internet privacy advocates for years because they can be used for tracking your browsing behavior. Cookies have also been criticized because the identification of the users that they provide is not always accurate and they could potentially be the target of and manipulated by network attackers. Delete your cookies and temporary internet files regularly.
You should also be careful when visiting websites and pay particular attention when downloading add-ons. They may seem like a good deal in the beginning but you could wind up with malicious advertising hacks, spyware or even a rogue. These unintended downloads can reek havoc on even a well-protected system. Most anti-virus software was never intended to keep the user from installing software – even if that software is of a malicious nature. When in doubt, don’t download.
If you receive an unsolicited e-mail with an attachment, don’t open it unless you can verify its validity. Even e-mails that claim to be from legitimate organizations like UPS or FedEx may be fake and contain attachments that, when opened, infect your computer. It may seem like a harmless Word document when in fact it downloads software that could compromise your network or computer.
Malicious code is often written to take advantage of the errors or vulnerabilities within your legitimate software. Teams of programmers spend thousands of hours writing the code for the software that we use everyday and, during the process, they leave holes. Sometimes these holes are left intentionally to allow cooperative teams the ability to mesh sections of code together but they are never cleaned up before the final product is released to the public. Intentional security holes placed by malicious programmers are rare but have been known to exist. Most often, the security holes are simply unintentional and are not caught during the beta testing of the software.
Windows operating system bugs are regularly exploited by hackers to give their malicious software a foothold inside your system. These security exploits are beyond the scope of most users so it is up to the operating system manufacturers to resolve these challenges. Malicious software programmers taking advantage of these operating system bugs is very serious since they can use these security holes to take control of your computer and gain access to the data found on your hard drive including: your personal information, your banking information, your customers’ information, passwords, credit card numbers, and other data that can be used in identity theft scams. To thwart this threat the user must be diligent in applying updates and patches to the operating system. With the Microsoft products, you will find a “Windows Update” option within the programs supplied with the computer. Sometimes released weekly or even daily, software patches and updates can be configured to download and install automatically from within the application’s options menu.
Your anti-virus software must be regularly updated as well. New viruses or variants of old viruses emerge almost daily. Anti-virus manufacturers are diligent about combating these threats and work hard to make their product the best on the market. Popular “purchased” anti-virus programs such as Norton, McAfee, and Webroot compete for market share with several free antivirus solutions like AVG, Avast and ClamWin. Positive reviews of their software are the bread and butter of these manufacturers so they are constantly trying to ensure they are stopping any new viruses within hours of their emergence. Hackers and malicious programmers have also found that their work can be very lucrative. Rogues, often called scareware, claim to have found viruses or other security threats on your computer and are intended to scare the user into making purchases of “snake oil” remedies to combat the presumed threats with a credit card over the internet. The purchase leaves the user with a worthless scrap of software on their PC while the perpetrator collects the $49.95 and then sells the credit card information on the black market. While not all malicious attacks are stopped by an anti-virus program, it is imperative that you update your virus definitions and run scans on a regular basis to combat these threats.
Although usernames and passwords are becoming less popular, giving way to biometrics and smart cards, they still are very much a player in the day to day computing of the home user and small business owner. Passwords however are subject to attacks by worms and other malicious software especially if those passwords are easily compromised. Users should create strong passwords and take care to keep those passwords secure. It is a standard that strong passwords consist of at least eight characters including upper and lower case letters with numbers mixed in; even better passwords contain non-alphanumeric characters such as underscores, exclamation marks, or mathematical characters. The intent is to create a password that is not a normal word found in the dictionary. By encrypting passwords, strong hardware authentication can be established providing for additional security of your system.
When it all comes down to it, the most important part of your computer isn’t the CPU or hard drive, the operating system or applications, all those can be replaced. The most important part of your computer is the data that resides on it. Pictures, documents, files, e-mails, invoices – these are the irreplaceable parts. The last piece of a strong protection effort against malicious attacks is to set up and run backups regularly. These backups are your insurance policies that allow you or your system administrator to recover from critical system failures. Backups can be performed in a number of different ways to a number of different hardware devices including external hard drives, CDs, DVDs, tape or, in even larger networks, system libraries. Backups can even be completed over the internet to off-site facilities that specialize in data storage. No matter what configuration is used, backups are essential.