Internet Risks, Part 1: The Problem – contributed by MyOffice Tech
There is no doubt that folks in the job market spend a lot of time on the Internet doing research, visiting many different sites to research companies, read blogs, and study articles. Job seekers and employed individuals alike receive many emails with employment-related links and attachments, some of which may not be legitimate. And, let’s not forget about all those “free” tools available to us out there on the web, along with those ubiquitous “work-from-home” ads and links!
Most people know that their electronic link to the outside world can be very hazardous to their computer’s health and can spiral into nasty personal consequences if personal and confidential information is stolen. Without a doubt, there is nothing as destructive as malware getting onto your system. In fact, instances of system downtime resulting from malware infection far exceed downtime resulting from hardware failure. The current status of online threats can be summarized as simply as this: they are dangerous, rapidly evolving and widespread. But many people don’t know how a computer becomes compromised, or what to do to minimize the risks.
The information provided here applies predominantly to Microsoft Windows systems. Apple Macs and Linux-based systems (such as Ubuntu) are more secure at the moment, since they are less-targeted (there are fewer of them) and their architecture is different.
I. Types of Threats and Terminology: The most common threats to us currently are:
- Malware (broad classification): Viruses, worms, trojans, rootkits, bots, scareware, meanware, hidden proxies, and keyloggers.
- Scareware: A special sub-class of malware which uses fake anti-virus pop-ups to inform you that your system is infected when it really isn’t.
- Meanware: A special sub-class of malware that damages or destroys your system just for the sick amusement of whoever wrote it.
- Hidden proxies: Malware that silently redirects all of your Internet communications through a third party, which watches your web browsing.
- Keyloggers: A special sub-class of malware that records your keystrokes and sends them to the criminals.
- Bots: Hidden malware which runs undetected in the background, usually hijacking your email address book and sending out spam without your knowledge.
- Phishing: Anything that tries to trick you into doing something that will cause you to reveal personal or confidential information.
- Scams: Anything that tries to get you to pay for or send money for something that doesn’t exist, is phony, or disreputable.
- Spam: Useless or unwanted information, in the form of emails, blog or forum posts, pop-ups, or text messages, that tries to get you to perform an action resulting in any of the above, spreads website URLs to boost search engine rankings, or simply bothers people.
II. Anti-virus systems can’t keep up: Today, most malware is written and deployed by organized crime. This software is smart and is getting smarter. Old-school malware had static “profiles” or “signatures” and could be easily detected by anti-virus suites. Now, new malware constantly changes its internals so that it is not detected by traditional “signature-based” anti-virus software. This is frightening.
To attempt to keep up with such insidious, shape-shifting threats, state-of-the-art anti-virus software utilizes what is known as “heuristics” to detect and halt suspicious activity. Some advanced anti-virus software, in addition to signatures and heuristics, sends unrecognized executable files and known executables that have been altered to the “cloud” for multiple scans. However, be aware that these do make mistakes: “false positives” result, and malware still slips through undetected.
III. Methods of Infection: The primary “attack vector” today is the Internet. The old-school infection method used to be to get the computer user to open an infected email attachment. While this still happens, it is no longer the preferred attack vector. The Internet is a far more efficient means of infection.
Today, to become infected with malware, all you have to do is visit an infected (“compromised”) website. You don’t even have to click on anything in the site. It is that simple.
So, how do the bad guys utilize the web for their nefarious activities? The most common methods are:
- They understand and use human nature against us. They target popular but weak websites, hack into them, insert their malicious code, and wait for people to visit them. Or, they place infected ads, or just set up their own infected websites. They know what application and operating system vulnerabilities exist and write their malware to exploit them. High-risk website categories are: social networking, celebrity, cooking, music lyrics, adult sites, work-from-home schemes, avatar generators, free stuff – anything that draws large numbers of visitors. Anything “free”, such as free anti-virus, screensavers, toolbars, desktop themes, video player codecs/plugins, picture viewers, utility programs, drivers, etc., are extremely risky if they come from untrusted sources.
- They prey on human error: at some point in time you will misspell a URL or use “.com” instead of “.org” or “.gov”. There are malicious websites set up under these common errors just for these opportune moments.
- They utilize “social engineering” to get you to visit bad websites. They send you emails and messages that look legitimate or official, but have a link that will take you to a malicious website. Users of social networking sites like Facebook, LinkedIn and Twitter are at particular risk. “Official” email links are usually clicked out of uncertainty or fear (e.g., the email appears to be from your bank, the IRS or the Census Bureau).
- They “poison” the web infrastructure’s “DNS” servers, your local “DNS” cache, or your hosts file so that when you try to go to one site you actually go to another.
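The two tricks above, the misspelled or wrong-TLD URL and the poisoned hosts file, can both be checked for on the defender's side. The following is an added example, not part of the original article or MyOffice Tech's material; the trusted domain list, the sample hosts file contents and the 203.0.113.7 address are all constructed for illustration.

```python
import ipaddress

# Constructed list of domains the user actually intends to visit (assumption).
TRUSTED = ["irs.gov", "census.gov", "mybank.com", "linkedin.com"]

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-keystroke misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_hostname(host, trusted=TRUSTED):
    """Classify a hostname as 'ok', 'tld-swap', 'lookalike' or 'unknown'."""
    host = host.lower().rstrip(".")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "ok"
    name, _, tld = host.rpartition(".")
    for t in trusted:
        tname, _, ttld = t.rpartition(".")
        if name == tname and tld != ttld:
            return "tld-swap"      # e.g. irs.com typed instead of irs.gov
        if edit_distance(host, t) <= 2:
            return "lookalike"     # e.g. linkedln.com, mybnak.com
    return "unknown"

def suspicious_hosts_entries(hosts_text, trusted=TRUSTED):
    """Flag hosts-file lines that pin a trusted (or lookalike) name to a non-loopback IP."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue                      # 127.0.0.1 / ::1 entries are normal
        except ValueError:
            continue                          # malformed line, not an address
        for n in names:
            if check_hostname(n, trusted) != "unknown":
                findings.append((n, ip))
    return findings

# Constructed sample hosts file: two normal loopback lines plus poisoned entries.
SAMPLE_HOSTS = """# constructed sample, not a real system file
127.0.0.1       localhost
::1             localhost
203.0.113.7     mybank.com www.mybank.com   # poisoned: bank now resolves elsewhere
203.0.113.7     irs.gov
"""
```

On a real Windows machine the file to feed into suspicious_hosts_entries is %SystemRoot%\System32\drivers\etc\hosts; any non-loopback entry for a site you bank or log in with deserves a closer look.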
Another common attack vector is exploiting insecure application programs that run on your computer:
- Unpatched Adobe Reader, or Adobe Reader with JavaScript enabled is a prime target. If you click on a web link that opens an infected PDF file, or you open one in an email attachment, and you have a vulnerability it can exploit, your system will be infected. Adobe regularly updates their software with security patches but unfortunately, on many people’s computers these updates are broken.
- Java’s run-time environment and its components are another prime culprit. Many computers are operating with old, insecure Java versions because the updating mechanism is broken or old versions co-exist with new versions. Java’s updating mechanism is truly a mess.
Many firewalls are ineffective because they are weak, faulty, or configured improperly:
- Such firewalls allow unsolicited and malicious traffic into your system.
- The firewall replies to Internet “pings” from malicious sources, revealing to them that your system “exists”. They will now try to attack your system with even more zeal.
- The firewall allows malicious processes already on your machine to communicate with their criminal “command and control centers”, sending out personal or confidential information.
Please continue to Part 2 to read about how to fight back and minimize your risks.
Ed Meadows
Manager
MyOffice Tech, LLC
http://MyOfficeTechLLC.com
Support@MyOfficeTechLLC.com
360-769-0050

May 18th, 2010 at 12:31 pm
Thanks Sherri and Ed – this is excellent information.