As the malware landscape evolves, it's helpful
to understand how malware gets onto your machine. Knowing the
bad guys' strategies gives you the edge while on-line and puts
you in a stronger position to defend your data and PC against
compromising threats. We all know that we should install anti-malware
software, keep it up to date and run regular scans, apply Windows
and application security patches when they become available, use
a firewall... well, I won't bore you - you know what to do. But
what kind of attacks can we expect and where are they coming from?
It's good to have defences in place to keep your PC secure in
the event of an attempted malware infection but having advance
warning of the enemy's tactics can help you avoid getting into
tricky situations in the first place. The most common way malware
gets onto your system is via the biggest security risk on any
computer system - between the chair and the keyboard. According
to Microsoft's recently published Security Intelligence Report,
almost 45% of infections stem from the malware writer using various
social engineering tactics to persuade the user to take some kind
of action that results in the user running a malicious file, thereby
infecting their own machine. This means that the malware writer
doesn't have to spend time thinking of complex and ingenious ways
to infiltrate your machine – they just have to present you with
a credible reason to install and run their program. Compare this
idea to a street crime: imagine if someone said they were conducting
a survey called “Are Modern Wallets Too Heavy?” and asked to check
how much your wallet weighs. Instead of seeing it for the risk
that it is, you give them your wallet, PIN number and for good
measure, your mobile phone, then punch yourself in the face and
hail a taxi for them to make a getaway. That's a pretty extreme
illustration but the point is that you would recognise this as
a potential threat and walk away. Most people are unlikely to
intentionally install malware on their machine, but if the malware
employs a social engineering technique to make it appear credible,
you could find yourself in trouble. A common technique is to prey
upon user's fear. People can be easily persuaded if you frighten
them. The media frequently reports on cyber-crime and as we mentioned
before, we're all aware of the need for an anti-malware program.
Bad guys have taken full advantage of this and unleashed hundreds
of legitimate looking security applications, that scan your machine
then present you with a lot of scary, non-existent infections
then try to trick you into buying the software to remove the infection.
The best way to avoid this is to use a reputable anti-malware
application like Ad-Aware or F-Secure. Another common tactic is to lure the
user into installing an application that will allow them to watch
a video, but predictably that application turns out to be malware.
Big surprise, no? To a lot of people, it is. If you are in doubt
about an application you have downloaded, you can scan it with
Ad-Aware but a cool trick is to upload the file to Virus Total
which will give you information about which anti-malware companies
detect the file. If you see a lot of hits, it's more than likely
malware and you should delete it. For more information, check
the United States Computer Emergency Readiness Team (US-CERT)
guide for avoiding social engineering attacks.
Contact
Alan
E-mail - alan@aandp.co.uk
Telephone 0151 608 4236
F-Secure® Internet
Security™ 2012
offers better security online without slowing
down your computer. The completely redesigned new version offers
significantly improved performance, including 70 % less memory
consumption and 60 % faster scanning. It also provides enhanced
protection against viruses, malware, spam e-mail, and cyber criminals.
Key Features
Easy to install and use
Real-time blocking of viruses, spyware
and other malware
Instant protection against new threats
(DeepGuard)
Firewall for protection against hackers
Browsing Protection identifies dangerous
websites and protects your identity online