
Programming Tutorials on different platforms

Any general and specialized interesting programming language training and exploration. Fun with knowledge.


Sunday, June 20, 2010

What is a DDoS attack?

Trojans are often used to launch Distributed Denial of Service (DDoS) attacks against targeted systems, but just what is a DDoS attack and how are they performed?
At its most basic level, a Distributed Denial of Service (DDoS) attack overwhelms the target system with data, such that the response from the target system is either slowed or stopped altogether. In order to create the necessary amount of traffic, a network of zombie or bot computers is most often used.
Zombies (or bots) are computers that have been compromised by attackers, generally through the use of Trojans, so that they can be remotely controlled; a botnet is the collection of such machines under one controller. Collectively, these systems are directed to generate the high traffic volume needed for a DDoS attack.
Use of these botnets is often auctioned and traded among attackers, so a compromised system may be under the control of multiple criminals, each with a different purpose in mind. Some attackers may use the botnet as a spam relay, others as a download site for malicious code, some to host phishing scams, and others for the aforementioned DDoS attacks.
Several techniques can be used to facilitate a Distributed Denial of Service attack. Two of the more common are HTTP GET requests and SYN Floods. One of the most notorious examples of an HTTP GET attack was from the MyDoom worm, which targeted the SCO.com website. The GET attack works as its name suggests – it sends a request for a specific page (generally the homepage) to the target server. In the case of the MyDoom worm, 64 requests were sent every second from every infected system. With tens of thousands of computers estimated to be infected by MyDoom, the attack quickly proved overwhelming to SCO.com, knocking it offline for several days.
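The GET flood described above is visible in the web server's own access log: a single source issuing far more requests per second than any human visitor. The following is an added example, not code from the original page, showing how a per-source sliding window over log lines picks out such a source. The log line format, the threshold (20 GETs per one-second window), the IP addresses and the sample lines are all constructed assumptions for illustration; the attacking host is given MyDoom's 64 requests per second.

```python
"""Spot an HTTP GET flood in access-log lines with a per-source sliding window.

Added example, not code from the original page. The log line shape,
the threshold and the sample log are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log line shape: "<ISO-8601 timestamp> <client-ip> <method> <path>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|HEAD) (\S+)$")

WINDOW_SECONDS = 1.0   # assumed window length
MAX_REQUESTS = 20      # assumed per-source cap inside one window


def parse_line(line):
    """Return (unix_ts, ip, method, path) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts_text, ip, method, path = m.groups()
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00")).timestamp()
    return ts, ip, method, path


def find_flooders(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {ip: peak GETs seen inside one window} for sources above the limit.

    The log must be in time order; each source keeps a deque of timestamps
    that fall inside the current window, so memory is bounded by the rate.
    """
    recent = defaultdict(deque)   # ip -> timestamps within the current window
    peak = defaultdict(int)       # ip -> highest window count observed
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, method, _path = parsed
        if method != "GET":
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # expire timestamps older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}


def sample_log():
    """Constructed log: 198.51.100.7 is a normal visitor, 203.0.113.9 sends 64 GETs in under a second."""
    base = datetime(2010, 6, 20, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(3):
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} 198.51.100.7 GET /index.html")
    for i in range(64):
        t = base + timedelta(milliseconds=15 * i)   # 64 requests in 0.945 s
        lines.append(f"{t.isoformat()} 203.0.113.9 GET /")
    lines.sort(key=lambda l: parse_line(l)[0])      # keep the log time-ordered
    return lines


if __name__ == "__main__":
    print(find_flooders(sample_log()))   # {'203.0.113.9': 64}
```

A per-source counter like this is only useful against a flood that comes from a manageable number of real addresses; against tens of thousands of bots each staying under the limit it becomes a capacity problem rather than a detection one, which is why the distributed form of the attack is the dangerous one.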
A SYN Flood is basically an aborted handshake. TCP connections are set up with a three-way handshake: the client sends a SYN, the server responds with a SYN-ACK, and the client is then supposed to respond with an ACK. Using spoofed IP addresses, an attacker sends the SYN, which results in the SYN-ACK being sent to a non-requesting (and often non-existent) address. The server then waits for the ACK response to no avail, holding a half-open connection in its backlog. When large numbers of these aborted SYN packets are sent to a target, the backlog and related resources are exhausted and the server succumbs to the SYN Flood.
Several other types of DDoS attacks can be launched, including UDP Fragment Attacks, ICMP Floods, and the Ping of Death. For further details on the types of DDoS attacks, visit the Advanced Networking Management Lab (ANML) and review their Distributed Denial of Service Attacks (DDoS) Resources.
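The handshake state the SYN Flood paragraph describes can be tracked per connection to see the attack as it happens: legitimate clients move SYN, SYN-ACK, ACK to established, while spoofed sources stall at SYN-ACK. This is an added example, not code from the original page. The packet tuples, the server and client addresses, the flag notation and the half-open threshold (50) are constructed assumptions.

```python
"""Track TCP handshakes from a packet feed and flag a SYN flood.

Added example, not code from the original page. Packets are modelled as
(src_ip, dst_ip, flags) tuples with flags written like "SYN", "SYN|ACK",
"ACK"; the sample feed and the threshold are constructed assumptions.
"""
from collections import defaultdict

HALF_OPEN_LIMIT = 50   # assumed: alert once this many handshakes sit at SYN-ACK with no ACK


class HandshakeTracker:
    """Per-(client, server) handshake state: SYN_SENT -> SYN_RECEIVED -> ESTABLISHED."""

    def __init__(self):
        self.state = {}   # (client_ip, server_ip) -> state name

    def observe(self, src, dst, flags):
        flag_set = set(flags.split("|"))
        if flag_set == {"SYN"}:                      # client opens: client=src, server=dst
            self.state[(src, dst)] = "SYN_SENT"
        elif flag_set == {"SYN", "ACK"}:             # server answers: client=dst, server=src
            if self.state.get((dst, src)) == "SYN_SENT":
                self.state[(dst, src)] = "SYN_RECEIVED"
        elif flag_set == {"ACK"}:                    # client completes: client=src, server=dst
            if self.state.get((src, dst)) == "SYN_RECEIVED":
                self.state[(src, dst)] = "ESTABLISHED"

    def count(self, server, wanted):
        """Number of handshakes toward `server` currently in state `wanted`."""
        return sum(1 for (_c, s), st in self.state.items() if s == server and st == wanted)


def analyze(server, packets, limit=HALF_OPEN_LIMIT):
    """Replay packets and report handshake outcomes for one server."""
    tracker = HandshakeTracker()
    for src, dst, flags in packets:
        tracker.observe(src, dst, flags)
    half_open = tracker.count(server, "SYN_RECEIVED")
    return {
        "established": tracker.count(server, "ESTABLISHED"),
        "half_open": half_open,
        "flood": half_open > limit,
    }


def sample_packets():
    """Constructed feed: 5 real clients finish the handshake, 200 spoofed sources never ACK."""
    server = "192.0.2.10"
    pkts = []
    for i in range(5):
        client = f"198.51.100.{i + 1}"
        pkts += [(client, server, "SYN"), (server, client, "SYN|ACK"), (client, server, "ACK")]
    for i in range(200):
        spoofed = f"203.0.113.{i + 1}"
        # SYN arrives from a forged address; the SYN-ACK goes nowhere useful and no ACK follows.
        pkts += [(spoofed, server, "SYN"), (server, spoofed, "SYN|ACK")]
    return server, pkts


if __name__ == "__main__":
    server, pkts = sample_packets()
    print(analyze(server, pkts))   # {'established': 5, 'half_open': 200, 'flood': True}
```

Note that every spoofed source shows exactly one half-open connection, so a per-source threshold of the kind that catches a GET flood sees nothing here; the signal is the server-wide backlog of half-open handshakes. That is also why the standard mitigation (SYN cookies, which encode the handshake state in the SYN-ACK sequence number instead of holding a backlog entry) works at the server rather than by blocking sources.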

Common Botnets

A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Bots communicate with botnet command and control (c&c) servers, enabling the remote attacker to update existing infections, push new malware, or instruct the infected computer to carry out specific tasks. In general, the presence of the bot gives the remote attacker the same abilities as the legitimate logged in user.
Botnets are used for everything from delivering spam, phishing attacks, data theft, to distributed denial of service attacks. Most botnets sell 'space' or 'services' on the botnet to bidders who may then deliver additional malware or use it for additional malicious purposes. These botnets-for-hire make it difficult to define what any specific botnet is intended to do, as that intent may change depending on the bidder.
Common botnets include the following:
• Asprox Botnet
• Gumblar Botnet
• Koobface Botnet
• Mariposa Botnet
• Storm Botnet
• Waledec Botnet
• Zeus Botnet

Are You in a Botnet?

A botnet is a collection of infected computers under the control of one or more attackers. These botnets are used for a variety of criminal purposes – all of which pose serious risk to the infected user as well as to the entire Internet community.
Once your computer is under the control of a botnet, it may be used to spam others, host phishing sites and other illicit files, infect or attack others, or have adware and spyware foisted on it so the attackers can collect from various affiliate advertising programs.
Even worse, many of today’s threats include keylogging capabilities. Of special interest to the attackers are your personal financial details – once stolen they are used for everything from credit card fraud to outright identity theft. In short, it’s not just your computer at risk – it’s your wallet.
The Botnet Population is Huge
According to a study by McAfee, "at least 12 million computers around the world (are) compromised by botnets." That means the botnet operators are controlling a population roughly the size of Guatemala. In fact, the number of infected systems would place it at about 70 out of 230 sovereign states and territories. More than Greece, bigger than Hungary, Belgium, Portugal or Cuba, and just a million behind Zimbabwe and Ecuador. The Czech Republic, Bolivia, Sweden, and the Dominican Republic would all be smaller.
While broadband users are favorite targets, dial-up users are equally vulnerable. Various studies have demonstrated that an unpatched, unprotected system can be compromised in as little as 5 minutes online. And if you're thinking it can't happen to you, think again.
It's All About the Money
Viruses, worms, and Trojans have evolved far beyond the childish pranks of yesteryear. Today's attackers are serious criminals - in it for the money - and your system spells international currency. Botnet operators get somewhere between 15 to 40 cents per infected computer, which means they need thousands of infected computers to make serious cash. And with all the focus on money, and not on notoriety, you can bet they'll make every effort to stay under your radar and get onto your system.
To ensure the greatest chance of survival, malware authors routinely submit their creations to online scanners. They repeat this process over and over again, until they've successfully created a virus, worm, or Trojan that the scanner won't detect. And that's the one they'll use to attack your system.
This means the vast majority of new viruses, worms, Trojans and other malicious software may not be detected by most antivirus or antispyware scanners until after (a) it's been discovered and (b) you've applied the necessary updates. But the malware authors have a trick for this, too. They also craft their malicious code to cripple the scanners such that the necessary updates may never take place.
Become Actively Engaged in Your Own Security
This isn't to say that antivirus isn't needed. Antivirus software is a must - and on a properly managed system, it's invaluable. But it's not a panacea and if it's your only line of defense, chances are it will be breached. Security isn't a passive endeavor and to stay secure you must become actively engaged in your own protection.

Achieving good computer security can seem like a daunting task. Fortunately, following the few simple steps outlined below can provide a good measure of security in very little time.
Use antivirus software and keep it updated. You should check for new definition updates daily. Most antivirus software can be configured to do this automatically.
Install security patches. Vulnerabilities in software are constantly being discovered and they don't discriminate by vendor or platform. It's not simply a matter of updating Windows; at least monthly, check for and apply updates for all software you use.
Use a firewall. No Internet connection is safe without one. Firewalls are necessary even if you have a dial-up Internet connection - it takes only minutes for a non-firewalled computer to be infected.
• Free ZoneAlarm Firewall
• Using the Windows Firewall
Secure your browser. Many labor under the dangerous misconception that only Internet Explorer is a problem. It's not the browser you need to be concerned about. Nor is it a matter of simply avoiding certain 'types' of sites. Known, legitimate websites are frequently being compromised and implanted with malicious javascript that foists malware onto visitors' computers. To ensure optimum browsing safety, the best tip is to disable javascript for all but the most essential of sites - such as your banking or regular ecommerce sites. Not only will you enjoy safer browsing, you'll be able to eliminate unwanted pop-ups as well.
Take control of your email. Avoid opening email attachments received unexpectedly - no matter who appears to have sent it. Remember that most worms and trojan-laden spam try to spoof the sender's name. And make sure your email client isn't leaving you open to infection. Reading email in plain text offers important security benefits that more than offset the loss of pretty colored fonts.
Treat IM suspiciously. Instant Messaging is a frequent target of worms and trojans. Treat it just as you would email.
Avoid P2P and distributed filesharing. Torrent, Kazaa, Gnutella, Morpheus and at least a dozen other filesharing networks exist. Most are free. And all are rife with trojans, viruses, worms, adware, spyware, and every other form of malicious code imaginable. There's no such thing as safe anonymous filesharing. Avoid it like the plague.
Keep abreast of Internet scams. Criminals think of clever ways to separate you from your hard earned cash. Don't get fooled by emails telling sad stories, or making unsolicited job offers, or promising lotto winnings. Likewise, beware of email masquerading as a security concern from your bank or other eCommerce site.
Don't fall victim to virus hoaxes. Dire-sounding email spreading FUD about non-existent threats serves only to spread needless alarm and may even cause you to delete perfectly legitimate files in response.
Remember, there's far more good than bad on the Internet. The goal isn't to be paranoid. The goal is to be cautious, aware, and even suspicious. By following the tips above and becoming actively engaged in your own security, you'll not only be protecting yourself, you'll be contributing to the protection and betterment of the Internet as a whole.

Malware and Vulnerabilities

Common Botnets
A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Here is a collection of the most common botnets.
Asprox Botnet
The Asprox botnet was originally a botnet used primarily to deliver phishing scams. In 2008, the Asprox botnet began employing the bots to discover and use SQL injection on vulnerable Active Server pages on weakly configured websites.

Gumblar Botnet
Gumblar, known in Japan as Geno, is a unique botnet - it not only creates a botnet of compromised PCs, it also backdoors compromised websites enabling continued remote access and manipulation.
Koobface Botnet
Koobface spreads through social networking sites, most prevalently through Facebook. Generally, Koobface relies on social engineering in order to spread. The Koobface message is designed to trick recipients into clicking through to a fraudulent website and either (a) enter their Facebook (or other social networking) credentials or to accept the installation of malware disguised as a video codec o…
Zeus Botnet
Zeus, often spelled ZeuS, is a crimeware botnet typically engaged in data theft. Zeus is also often referred to as Zbot. Zeus is not a single botnet nor a single trojan, but rather refers to an entire family of trojans and their respective botnets.
Storm Botnet
The Storm bot is a backdoor component that allows remote surreptitious access to infected systems. The Storm-infected computers (collectively, the Storm botnet) are outfitted with a spam relay component (to send spam through infected computers) and a peer networking component (to enable the remote attackers to communicate with the bot infected computers).
Mariposa Botnet
Mariposa is Spanish for butterfly. In computer lingo, Mariposa is a botnet created by the Butterfly bot kit. Mariposa is typically spread via instant messaging, peer-to-peer file sharing networks and as an autorun worm.
Waledec
Waledec, also spelled Waledac, is the name of a botnet used to relay malicious spam. The Waledec distributed spam often consists of fraudulent greeting cards and breaking news events.
CDC / H1N1 Vaccination Scam Infects Victims
Attackers are sending email disguised as correspondence from the Centers for Disease Control (CDC). The email claims an H1N1 vaccination registration is required. Those who comply with the request won't be registering with the CDC - instead they will be infecting their computer with a version of the Banker trojan
Remove SecurityTool Scareware
Fear-Based Reporting: Have You Been a Victim?
Fear sells. Whether intentional or otherwise, this can sometimes work to the advantage of the media and the disadvantage of consumers. Have you ever been influenced by fear-based reporting, only to find out later that the reports were wrong?
Conficker: More Conflict than Worm
Barely a week after the 60 Minutes April Fools' Conficker doomsday update failed to materialize, the closely watched Conflicker.C did finally manage an update. And in an ironic twist, the worm itself debunks much of the hype surrounding it.
PowerPoint Zero Day Vulnerability In-the-Wild
Microsoft has released Security Advisory 969136 warning of a newly discovered zero day PowerPoint vulnerability. The flaw impacts PowerPoint versions found in Windows versions of Office 2000, 2002, 2003, and Office 2004 for Mac.
60 Minutes, Conficker, and April's Fool
Is the Conficker worm set to detonate some evil payload on April 1st? According to 60 Minutes, it seems so. Here's the non-FUD behind the Conficker worm.
Downadup.AL aka Conficker.B Worm
Downadup.AL aka Conficker.B is a network worm that spreads via autorun, dictionary attacks on weakly protected network shares, and by exploiting the vulnerabilities described in MS08-067. The worm disables services related to automatic updates, error reporting, the Windows Security Center service, and the Windows Defender service. To prevent access to protection and removal tools, the worm also b…
Autorun Worms: How to Remove Autorun Malware
Autorun worms spread from USB/thumb drives as well as fixed and mapped drives. Autorun worms typically drop or download additional malware, usually backdoors and password stealers. Here's how to remove an autorun worm.
Sality Virus
Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web.
Winthb 'Virus' Tied to Backdoor Trojans
A family of backdoor and autorun trojans are working together to plague users. One symptom that may appear - the drive volume name and icon may be changed. The more insidious aspects of the infection are far more silent and may be overlooked when users attempt manual removal.
A Storm of Scary Email
In recent weeks, a rash of spam has been sent that bear much resemblance to the all-too-familiar tactics of the Storm botnet.
Most Damaging Malware
All malware is bad, but some types of malware do more damage than others. That damage can range from loss of files or total loss of security. This list (in no particular order) provides an overview of the most damaging types of malware.
Easily Remove the MonaRonaDona 'Virus'
The MonaRonaDona 'virus' is a self-advertised 'virus' that isn't even a virus at all. It's a non-replicating program (i.e., a Trojan) that loads when Windows is started, changing the Internet Explorer title bar to read MonaRonaDona and displaying a message which blocks access to your legitimate running programs.
What is JS/Psyme (and How to Get Rid of It)
Many users have experienced repeated warnings of infection by Psyme each time they open their browser. Depending on the antivirus in use, the name given in the warning may be any of the following: Downloader.Psyme (Symantec), Troj/Psyme (Sophos), Trojan.VBS.KillAV (Kaspersky), TrojanDownloader.VBS.Psyme (CA),Trojan.Downloader.JS.Psyme (Kaspersky), VBS/Petch.A (F-Prot), VBS/Psyme (McAfee)
What is the Storm Worm?
The so-called Storm worm is actually not a worm, but rather a family of Trojans that typically include a backdoor, SMTP relay, P2P communications, email harvester, downloader, and often a rootkit.
U.Z.A. O/S Eliminator Worm
The so-called "U.Z.A. O/S Eliminator" worm appears to have originated in Maldives sometime in late July or early August 2007. The worm exploits the autorun feature, enabling it to spread from removable USB/thumb drives to other computers.
Freedom / Outlaw Worm
The Freedom 'virus' is a worm that infects local and USB drives, disables access to Task Manager, Registry Editor and other system utilities, and may try to delete MP3 files found on infected systems. Here's how to clean it.
Trojan.MeSpam Makes You the Spammer
Instead of relying on bots to do the dirty work, Trojan.MeSpam makes you the culprit. Once infected, every forum post you make, every webmail you send, and every blog comment you leave will also deposit a link pointing to a nefarious website.
Rinbot Worm Prompts Repeated Denials
Is Rinbot the little worm that isn't? Or is it simply the worm that no one wants to acknowledge exists? Here's a timeline of this "non-threat".
Storm Worm
The Storm worm spreads via email, using a variety of subject lines and message text that may masquerade as news articles or other current events.
Skype Chatosky Worm: Friend or Foe?
Thanks to the Chatosky worm, I uncovered some things about the Skype service that I might not otherwise have known.
Qspace Javascript Worm Targets MySpace Users
MySpace users are yet again a victim of another targeted attack. Dubbed JS_QSPACE.A by antivirus vendor Trend Micro and JS.Qspace by Symantec, the Javascript worm exploits a cross-site scripting (XSS) vulnerability embedded in a malicious Quicktime .MOV file.
Rontokbro aka Brontok Worm
A mass-mailing email worm that also spreads via USB and thumb drives, the Rontokbro worm - also known as Brontok - takes a multifaceted approach to defy detection and removal.
Stration Email Worm
Stration is a mass-mailing email worm that attempts to download a file from a remote server. The worm may inject itself into certain running processes, potentially causing it to bypass firewalls or other security software.
Stration Worm
Stration is a mass-mailing email worm that may attempt to download files from a remote server.
VML FUD FAQ
There's a lot of misinformation being disseminated around the recently discovered VML vulnerability. Here's an attempt to address those misconceptions and alleviate some of the fears.
Zero-Day VML Vulnerability Impacts IE, Windows
A zero-day vulnerability in the Windows implementation of Vector Markup Language (VML) impacts all supported versions of Internet Explorer, all supported versions of Microsoft Windows 2003, Windows XP, and Windows 2000, and recent versions of Outlook and Outlook Express.
Are You in a Botnet?
With 12 million infected systems under their control, botnet operators are controlling a population roughly the size of Guatemala. In fact, the number of infected systems would place it at about 70 out of 230 sovereign states and territories worldwide.
Popular Antivirus Apps *Do* Work
The more a story gets told, the more the original story gets changed by each new storyteller. Sometimes, the story gets so far removed from the original, that the entire intent of the story is lost and new intent construed. Such is the case with the story of antivirus effectiveness, which was recently put through the spin cycle, wrung out, and reformed by Charlie White, editor of the Gizmodo gadget blog.
McAfee Downplays Security Flaws
Vulnerability researchers at eEye Digital uncovered serious flaws in McAfee security products that could allow attackers to gain remote control of affected systems.
Yahoo worm: JS/Yamanner
An early-morning report on a security mailing list led to the discovery of Yamanner, a mass-mailing email worm that impacted Yahoo webmail users.
Gamblers Lose Big with Free Tool
Every successful gambler knows how to handle a certain amount of risk, and how to minimize their losses. But a free tool that promised to help gamblers get the most out of the game turned out to be a Trojan that scammed them out of their winnings.
Hoot Worm Preys on Company
It seems a disgruntled employee targeted their enterprise with a worm that causes pictures of a rather odd looking owl to print on nearly 40 printers specific to the targeted firm.
Nugache Worm
Nugache is a worm that may spread via email, IM, or P2P networks.
Ransomware: Trojans demand money from victims
Having your computer infected with a virus or other malicious software is upsetting enough. But over the past year, a new type of attack promises to be even more disconcerting. Dubbed ransomware, this new attack infects the system, encrypts the files, and then demands payment from its victims.
QuickBatch Trojan Targets the Blind
There is no such thing as a good virus, but some viruses are more despicable than others. Case in point, the newly discovered W32/QuickBatch.G!tr Trojan that specifically targets members of the blind community.
Bagle worm variant warns: 'Lawsuit Against You'
Bagle worm variant that spreads via email and fileshares/P2P networks warns of 'Lawsuit Against You'
Nyxem aka Blackmal worm
Discovered on January 17, 2006, the Nyxem worm has a dangerous payload that executes on the 3rd of each month, overwriting files with specific extensions.
2005: Top Ten Malware Events
Here's the best and worst of 2005 from a malware perspective.
2003: Year of the Black Sheep
It seems appropriate that the Chinese dubbed 2003 as the Year of the Black Sheep. Among other things, the sheep is a symbol of untidiness - and from a virus standpoint, the year was indeed a mess.
2002: Virus Writers Contribute to SPAM
The year 2002 ushered in a new era of malicious marketing code
2001: Year of the Virus
Detecting email-borne viruses every 18 seconds, MessageLabs calls 2001 The Year of the Virus
WMF Image Handling Exploit
A serious vulnerability in Windows Fax and Picture Viewer can allow remote attackers to use .WMF image files to gain control of your system.
Sober.X Worm Description
Sober.X is a mass-mailing email worm that sends itself in either English or German depending on the recipient's domain. In addition to mass-mailing, Sober.X terminates processes related to various antivirus and security programs.
Sober.U Worm
Sober.U arrives in an email message that may be in either German or English language, depending on the recipient's domain.
Sober.T Worm
Sober.T arrives in an email message that may be in either German or English language, depending on the recipient's domain.
sober.s Worm
sober.s arrives in an email message that may be in either German or English language, depending on the recipient's domain.
Sober.R Worm
Sober.R arrives in an email message that may be in either German or English language, depending on the recipient's domain.
Sony Stinx Trojan
The Sony Stinx Trojan exploits the Sony DRM cloaking technology (aka rootkit) installed by music CDs published by Sony after March 2005. This allows the malware to be hidden from view - effectively masking its presence even from most antivirus scanners. The Sony Stinx Trojan installs an IRC Backdoor Trojan that allows remote access to compromised PCs, downloads other malware, and disables the Windows XP firewall.
Slapper worm gets facelift: Linux Lupper worm, aka Plupi and Lupii
The Linux Slapper worm has been given a facelift and this time BBS admins and web bloggers are the target. The new worm has been given a half dozen new names, including Linux/Lupper, Linux.Plupi, Backdoor.Linux.Smal, ELF_LUPPER.A and Exploit.Linux.Lupii.
Sony President Defends Rootkit
The President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
Sony Rootkit Strikes Sour Note
If you've purchased a Sony-labeled music CD since March 2005 and used it on your PC, chances are it installed a rootkit that can be easily exploited by virus writers.
Alleged Botnet Creators Arrested
Dutch police have announced the arrests of the alleged author of W32.Toxbot and two alleged accomplices.
First Sony PSP Trojan
PSP.Brick impacts the Sony PSP game console, flashing critical system files and rendering the console unbootable. The newly discovered PSP.Brick isn't technically a virus - it's a Trojan. But the news surrounding PSP.Brick could be described as a polymorphic virus - it spreads fast and the story changes with each reporter it infects.
IM Worms Pose Significant Threat
Since January 1, 2005, at least 358 descriptions have been published for specific IM threats.
Kelvir Instant Messenger (IM) worm
The most prevalent IM worm is the Kelvir family of worms that target MSN Messenger users.
Agent.AD Trojan nabs headlines from London attacks
Just hours after BBC published a news report titled "London attackers 'meant to kill'", the Agent.AD Trojan email stole the headline and part of the copy, using it as a ruse to entice victims into opening its infected attachment.
AIM worm impersonates iTunes app
IM worms continue to expand their repertoire of social engineering tricks. W32/Olameg-net, a.k.a. Opanki.Y and AIM/Megalo, installs itself to the Windows System directory as itunes.exe, presumably trying to disguise itself as the popular Apple iTunes application.
Michael Jackson suicide spam a Trojan
Malware authors eager to capitalize on the Michael Jackson trial have been sending booby-trapped spam messages claiming the pop-singer has attempted suicide.
Mytob.BI worm
Discovered May 31, 2005, Mytob.BI is a mass-mailing email worm that compromises system security by terminating processes related to various antivirus software, disabling the XP SP2 firewall, and modifying the HOSTS file to prevent access to antivirus updates and certain other websites.
Mytob.AR
Discovered May 30, 2005, Mytob.AR is a mass-mailing email worm that compromises system security by terminating processes related to various antivirus software, disabling the XP SP2 firewall, and modifying the HOSTS file to prevent access to antivirus updates and certain other websites.
Prevent the Mytob worm
The Mytob variants are mass-mailing email worms that compromise system security by terminating processes related to various antivirus software and modifying the Registry to disable the XP SP2 firewall.
Sober.P turns to spam
The Sober.P worm has morphed into a spam Trojan, sending politically-charged messages from infected systems.
Sober hangover begins
The Sober.P worm abruptly stopped its mass-mailing at midnight GMT on May 9th, presumably entering its second stage of infection.
Firefox flaws rated extremely critical
Sober.P worm threatens
Discovered May 2, 2005, Sober.P (also known as Sober.O) is a mass-mailing email worm that sends itself in either German or English, depending on the intended recipient's domain.
Crog IM worm
The Crog worm edits the system registry to lower security settings, modifies the HOSTS file to redirect access to various security sites and shuts down processes associated with various security software.
Kelvir IM worms
Three new IM worms, Kelvir.A, Kelvir.B, and Kelvir.C were discovered by antivirus vendors on March 6th and 7th, 2005.
Bagle.BE worm
Discovered on March 1, 2005 in conjunction with several mass-spammed Bagle-like Trojans, Bagle.BE arrives in an email with a blank subject line
Troj/BagleDl-L
Troj/BagleDl-L is a Trojan, not a worm, and does not contain mass-mailing capabilities. However, Troj/BagleDl-L was mass-spammed via email during the morning of March 1st, 2005.
Bagle.AZ worm
Like Bagle.AY, Bagle.AZ is a mass-mailing email and P2P filesharing worm with downloader capabilities.
Bagle.AY worm
Bagle.AY is a mass-mailing email and P2P filesharing worm with backdoor and downloader capabilities. As with previous variants and most modern email worms, the worm uses its own SMTP engine to spread via email and the From address is spoofed.
MyDoom.AM hijacks HOSTS
MyDoom.AM is a mass-mailing email and P2P filesharing worm that modifies the HOSTS file to prevent infected users from accessing certain antivirus vendor sites.
Lovgate.W worm
A mass-mailing email and filesharing worm, Lovgate.W also contains backdoor capabilities
A stocking full of coal: Multiple flaws in Windows could lead to compromise
Ever wonder what Bill Gates gets for Christmas? This year, the Chinese security firm VenusTech delivered three new Windows exploits just in time for the holidays.
Zafi.D worm spreads Christmas fear
A new variant of the Zafi worm, dubbed Zafi.D, sends itself as a Christmas greeting - in a variety of languages depending on the recipient's domain.
MakeLOVEnotSPAM mask worn by Trojan
Dubbed TrojanDropper.FakeSpamFighter and Troj/Mdrop-IT, the Trojan masquerades as the Lycos infamous MakeLOVEnotSPAM screensaver
Sober.I worm
Sober.I is a mass-mailing email worm that sends itself in either German or English, depending on the infected user's operating system language. Sober.I uses its own SMTP engine to send itself to email addresses found on infected systems, spoofing the From address.
Bofra.A worm exploits SHDOCVW.DLL flaw
Klez Help Center
The Klez virus uses a variety of techniques to fool and aggravate users
Homepage Virus
Also known as Homepage, this e-mail worm was discovered in the wild on May 8th, 2001
IRCsome McVeigh Video a RAT
Alleged movie of Timothy McVeigh execution really the Subseven remote access Trojan.
Sobig.E worm
The Sobig.E worm spreads via email. The Sobig.E worm attachment is a ZIP file.
Virus Encyclopedia
From your Antivirus.About.com guide, an encyclopedia of virus and hoax descriptions. Includes PC, Macintosh, Unix, Active Content, and Wireless infectors.
AntiVirus Research Center
Timely and searchable information concerning viruses currently in-the-wild and even those that are not.
AVP's VirusList
So comprehensive, it might be somewhat difficult to navigate. Well worth the effort, AVP delivers the definitive virus encyclopedia.
Hoaxes and Myths
Though not a virus, hoaxes and myths can still cause downtime and loss of productivity due to unwarranted panic. Rob Rosenberger maintains a plethora of information concerning these non-threatening threats.
Computer Virus Info
From F-Secure, an alphabetized database of virus descriptions. Search by exact name or keyword.
Panda Virus Descriptions
From the makers of Panda Antivirus, an encyclopedia searchable by name, category or family. The database is prefaced by an introduction to computer viruses and a handy glossary of terms.
The WildList
Compiled from various reporting agencies and individuals. Listing all viruses actually causing active infections worldwide, the wildlist is updated monthly.
Virus Analyses
One very long list of just some of the viruses detected by Sophos.
Virus Information Library
The McAfee AVERT Virus Information Library includes detailed information on viruses as well as popular hoaxes and myths.
WildList Virus Descriptions
F-Secure simplifies the WildList by linking descriptions to the names of the viruses reported to be in the wild. Updated monthly.

http://antivirus.about.com/od/virusdescriptions/Latest_Malware_and_Vulnerabilities.htm

Mailinator - A Very Disposable Email Account

Free Service Description:

Mailinator offers you any email address you want -- for a few hours. This may make Mailinator the ultimate disposable email account. You can make up an email address using the mailinator domain and use it as a temporary junk email account.
How do I use this free service?:

After you have given out your made-up email address, you then go to Mailinator.com and check that account for any email received. The email is kept for a couple of hours and then deleted. You don't need to register with Mailinator at all. Mailinator just collects all email to any address using the mailinator.com domain. You just type in the address you gave out and any email to that address is displayed.
That sounds cool but what good is it?:

Mailinator has basically just one purpose. It allows you to receive email for a short period of time without giving out your own email address. If you need an email address to register on a site that you are not sure you trust, use a Mailinator address. You can get your confirmation email to validate your registration. There is no worry about getting spam because you never need to check that account again.
What are the drawbacks of the free Mailinator address?:

Since email is deleted after a couple of hours, you cannot use a Mailinator account as a permanent email address. There is no security on a Mailinator account: anyone can check any account as long as they know what it is. It's best not to choose a common address like a first name or a common word. You also cannot send email from a Mailinator account.
What are the risks in using the Mailinator site?:

There are none as long as you understand that mail is deleted after a couple of hours and that anyone can check it if they know the address you used. Since Mailinator does not require registration, you are not giving them any personal information.

Police your Password Recovery Options

Cybercriminals can hijack your online accounts to order items at your expense, gain access to your email, or use your good name to send spam, malware and scams to people you know. One way attackers can gain access is by taking advantage of lax security in your password reset and recovery options for the account.
Most online services offer some means of recovering forgotten passwords. This typically consists of answering a few questions, after which a new password is emailed to the account on record. While this method is convenient, it can leave you at greater risk unless you follow a few simple security precautions.
1. Make sure the email address specified for the account is a valid, monitored email address.
2. Make sure the answers to the password recovery / reset option are not easily guessable.
Skipping either of these steps makes it far easier for attackers to gain control of your account. For example, a "throwaway" email address could easily wind up registered to another user. This means that any attempt to recover or reset your password will result in that password being sent to the wrong person. Make sure the email address you have specified for the account is active, in your name, and monitored regularly.
Most security related questions can be either easily guessed or discovered through a quick online search. For example, things like the name of the school you attended or the town you were born in may be part of your public social networking profile.
Your best bet is to pick a nonsensical answer to the question. Instead of entering your favorite pet's name, input a completely bogus response that only you will know. Avoid easily guessed single word responses like 123456, password, or other dictionary words or sequential number responses. Attackers can simply enter lists of commonly used words/number sequences until one gets accepted. Use a passphrase instead - a favorite quote or short phrase with all spaces removed.
Some online accounts will allow you to enter a mobile phone number. If a password reset or recovery is requested, you'll receive a text message alerting you. If available, this is one of the most secure methods you can use. However, phones can be lost or stolen, so remember to still have a valid email on file with the service and use hard-to-guess passphrases for the security questions.
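The advice above on recovery answers (reject common words and number sequences, prefer a spaces-removed passphrase) can be turned into a check a site runs when the user sets the answer. The following is an added example, not code from the original article; the small `COMMON_ANSWERS` set is a constructed stand-in for a real wordlist, and the 12-character minimum and the "fewer than four distinct characters" heuristic are assumptions of this example rather than figures from the text.

```python
import re

# Constructed stand-in for a wordlist of common answers and dictionary words.
# Assumption: a real deployment loads a far larger list (names, places, pet names, etc.).
COMMON_ANSWERS = {
    "password", "123456", "qwerty", "letmein", "welcome",
    "fluffy", "buddy", "max", "london", "springfield", "smith",
}


def normalize(answer: str) -> str:
    """Lower-case and drop all whitespace, matching the 'spaces removed' passphrase advice."""
    return re.sub(r"\s+", "", answer).lower()


def is_sequential_digits(s: str) -> bool:
    """True for runs such as 123456 or 987654 (every step is +1, or every step is -1)."""
    if not s.isdigit() or len(s) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def weaknesses(answer: str, min_length: int = 12) -> list:
    """Reasons a recovery answer is easy to guess; an empty list means it passes."""
    s = normalize(answer)
    reasons = []
    if s in COMMON_ANSWERS:
        reasons.append("appears in the common-answer wordlist")
    if s.isdigit():
        reasons.append("digits only")
    if is_sequential_digits(s):
        reasons.append("sequential digits")
    if len(s) < min_length:
        # Assumption: a single word rarely reaches 12 characters; a passphrase usually does.
        reasons.append(f"shorter than {min_length} characters, so probably a single word")
    if len(set(s)) < 4:
        reasons.append("fewer than four distinct characters")
    return reasons


def is_acceptable(answer: str) -> bool:
    """Convenience wrapper: True when no weakness is found."""
    return not weaknesses(answer)


if __name__ == "__main__":
    for candidate in ["123456", "Fluffy", "to be or not to be", "987654321"]:
        verdict = "ok" if is_acceptable(candidate) else ", ".join(weaknesses(candidate))
        print(f"{candidate!r}: {verdict}")
```

The check runs on the normalized form, so an answer typed with spaces ("to be or not to be") and the same phrase typed without them are judged identically, which is what the article's "spaces removed" suggestion implies.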

Defending Yourself Against 3 Common Online Attacks

The Internet has become a dangerous place in which to do business. To remain secure online, you need to maintain a strong defense on several fronts. Here are tips for defending your email, social networking sites and online bank accounts from hackers.
Email Security
Spear Phishing attacks that target victims by name have become a serious and sophisticated threat. The emails fabricated by spear phishers may be addressed to a C-level employee or appear to come from a trusted individual within an organization.
The spear phisher's modus operandi involves tricking the victim into clicking on a link leading to a bogus web site. This infected site will secretly install data-logging software designed to record the victim's keystrokes. Once they have pirated information such as user names and passwords, spear phishers have been known to suck company bank accounts dry.
As one example, spear phishers identified key employees at companies such as Google and Adobe and then back-tracked to find out the names of their friends. The hackers then compromised the friends' social network accounts and used them to trick the targets into clicking on infected links.
Said Sam Curry, Vice President of RSA:
This is a loud message for the commercial world, which is: wake up, this isn't all happiness and goodness and new business. Doing business on the internet is as risky as sending ships through the Panama Canal.
Here are just a few steps that you can take to protect yourself and your company from spear phishing:
• Be suspicious of any emails requesting confidential information, and verify the request with the company or individual named in the email. Just clicking on a malicious web link can infect your computer.
• Limit the amount of personal information you provide on social networking sites.
• Use strong passwords.

Social Networking Attacks
ID theft expert Robert Siciliano related how a white hat hacker used Facebook to breach a company's physical security and infiltrate their network. It is a perfect illustration of how employees can compromise themselves and their companies through careless use of social networking.
In the article, the hacker describes stealing the identity of a company employee found on Facebook:
On the day we intended to breach the facility, our guy was dressed in a shirt embroidered with our client's logo and armed with business cards, a fake company badge, and his laptop. Upon entering the building, he was immediately greeted by reception. Our man quickly displayed his fake credentials and immediately began ranting about the perils of his journey and how important it was for him to get a place to check his email and use a restroom. Within seconds, he was provided a place to sit, a connection to the Internet, and a 24×7 card access key to the building. Later that evening, he returned to the empty office building to conduct a late-night hacking session. Within a short period of time, he had accessed the company's sensitive secrets.
Most people drop their guard on Facebook. And why not? After all, on Facebook, you're surrounded by people you "know like and trust." How could you possibly be in danger with 6 bazillion "friends" to look out for you?


Online Banking Protection
If your company does high-value online banking transactions, limit those activities to a secured, stand-alone computer that has no access to email or web browsing. The American Bankers Association now recommends that businesses use a dedicated PC for online transactions.
Cybercriminals are writing malware to create fraudulent Automated Clearing House (ACH) and wire transfers. In order to hijack your transactions, a criminal must first insert the malware onto one or more of your company's computers. Infecting a computer is much easier if that computer is connected to the internet or used for email.
In particular, the ABA recommends
commercial banking customers carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
To add another layer of protection, consider implementing "locked down computing" for your online transactions.
Devices such as IBM's ZTIC (Zone Trusted Information Channel) are designed to protect online bank customers from a "man in the middle" attack. In this scenario, an attacker intercepts an online transaction as it occurs, and re-directs funds to a fraudulent account.
The ZTIC is a smart card reader that attaches to a computer used for online banking. During a transaction, it bypasses the web browser completely and establishes a secure connection with the bank. This approach is referred to as "locked down computing" and lets users see exactly how their transaction is being directed. If a hacker attempts to channel funds to a fraudulent account, the user can immediately abort the transaction.

7 Best Practices for Online Banking Security

Sending your bank transactions surfing across the web can be as hazardous as piloting a ship through pirate-infested waters. Here are seven best practices for online banking security.
Use a Dedicated PC
The American Bankers Association now recommends that businesses use a dedicated PC for online transactions. Cybercriminals are writing malware to create fraudulent Automated Clearing House (ACH) and wire transfers. In order to hijack your transactions, a criminal must first insert the malware onto one or more of your company's computers. Infecting a computer is much easier if that computer is regularly connected to the internet or used for email. In particular, the ABA recommends that "commercial banking customers carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible."
Lock Down Your Computer
So-called "locked down" computing creates a secure channel between your PC and your bank's server. IBM's ZTIC is one hardware solution that you can use to secure your online transactions.
Establish Dual Control
Work with your bank to establish "dual control" over your account. Once this safeguard is in place, two individuals from your organization will need to log on and authorize any transaction. With dual control in place, a hacker would need to breach two computer accounts in order to commit a fraudulent transaction.
Get Alerts
You can also request that your bank send email confirmations of online transactions. This will provide you with an early warning of any fraudulent activity.
Use Strong Passwords
Treat your password like a toothbrush: change it often, and don't ever share it. Strong passwords are the first line of defense in your online kingdom. Follow this link to read more about creating strong passwords.

Check Account Balances at the End of the Workday
Automated Clearing House (ACH) transactions are not usually processed until the next business day. If you catch a fraudulent transaction at the end of a business day, you may be able to cancel it before any funds are transferred.
Don't "Friend" Strangers
An article by ID theft expert Robert Siciliano should give every CIO and CSO heartburn. Siciliano relates how a white hat hacker used Facebook to breach a company's physical security and infiltrate their network. The same techniques could be used to hack into online banking accounts. Siciliano says that most people drop their guard on Facebook. And why not? After all, on Facebook, you're surrounded by people you "know, like and trust." The author's bottom line: "Mom told you not to talk to strangers. I'm telling you not to 'friend' strangers, because they could be scammers. Scammers are watching. They know that once you are on Facebook, your guard goes way down."

Top Ten Ways to Get Infected

How your online habits leave you and your computer at risk
Keeping safe online takes more than just installing a few security programs. To protect both you and your computer, here are the top ten bad habits you need to avoid.
1. Browsing the Web with JavaScript enabled by default
Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners. Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware, and this includes Firefox, Opera, and the much-maligned Internet Explorer. Disabling JavaScript on all but the most trusted sites will go a long way towards safer web browsing.

2. Using Adobe Reader/Acrobat with default settings
Adobe Reader comes pre-installed on most computers. And even if you never use it, just the mere presence can leave your computer at risk. Vulnerabilities in Adobe Reader and Adobe Acrobat are the number one most common infection vector, bar none. Making sure you stay up-to-date with the latest version of Adobe products is imperative, but not foolproof.
3. Clicking unsolicited links in email or IM
Malicious or fraudulent links in email and IM are a significant vector for both malware and social engineering attacks. Reading email in plain text can help identify potentially malicious or fraudulent links. Your best bet: avoid clicking any link in an email or IM that is received unexpectedly - particularly if you do not know the sender.
4. Clicking on popups that claim your computer is infected
Rogue scanners are a category of scam software sometimes referred to as scareware. Rogue scanners masquerade as antivirus, antispyware, or other security software, claiming the user's system is infected in order to trick them into paying for a full version. Avoiding infection is easy - don't fall for the bogus claims.
5. Logging in to an account from a link received in email, IM, or social networking
Never, ever log in to an account after being directed there via a link received in an email, IM, or social networking message (e.g. Facebook). If you do follow a link that instructs you to log in afterwards, close the page, then open a new page and visit the site using a previously bookmarked or known-good link.
6. Not applying security patches for ALL programs
There are dozens of security vulnerabilities waiting to be exploited on your system. And it's not just Windows patches you need to be concerned with. Adobe Flash, Acrobat Reader, Apple Quicktime, Sun Java and a bevy of other third-party apps typically host security vulnerabilities waiting to be exploited. The free Secunia Software Inspector helps you quickly discover which programs need patching - and where to get it.
7. Assuming your antivirus provides 100% protection
Don't believe everything your antivirus does (or rather doesn't) tell you. Even the most current antivirus can easily miss new malware - and attackers routinely release tens of thousands of new malware variants each month.
8. Not using antivirus software
Many (probably infected) users mistakenly believe they can avoid malware simply by being 'smart'. They labor under the dangerous misconception that somehow malware always asks permission before it installs itself. The vast majority of today's malware is delivered silently, via the Web, by exploiting vulnerabilities in software. Antivirus software is must-have protection.
Of course, out-of-date antivirus is almost as bad as no antivirus software at all. Make sure your antivirus software is configured to automatically check for updates as frequently as the program will allow or a minimum of once per day.
9. Not using a firewall on your computer
Not using a firewall is akin to leaving your front door wide open on a busy street. There are several free firewall options available today - including the built-in firewall in Windows XP and Vista. Be sure to choose a firewall that offers both inbound and (as importantly) outbound protection.
10. Falling for phishing or other social engineering scams
Just as the Internet makes it easier for legitimate pursuits, it also makes it easier for scammers, con artists, and other online miscreants to carry out their virtual crimes - impacting our real-life finances, security, and peace of mind. Scammers often use sad-sounding stories or promises of quick riches to hook us into being willing victims of their crimes. Exercising common sense is one of the best ways to avoid online scams. For extra help, consider installing one of the free anti-phishing toolbars
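Item 3 above says that reading email in plain text helps reveal fraudulent links: in an HTML message the visible anchor text can show one address while the `href` points somewhere else, and plain-text rendering exposes the real target. The following added example (not code from the original article) automates that comparison for a mail filter or a user's own inbox tool: it parses an HTML message, and for every link whose visible text reads like a URL or hostname, it flags the link when the text's domain differs from the `href`'s domain. The sample message is constructed for the example, and `registrable_domain` is a deliberately simple last-two-labels approximation, an assumption noted in the code, rather than a public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML e-mail (not a real message). The first link shows a
# bank-looking address but points elsewhere; the other two are consistent.
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<p>Please verify your account at
<a href="http://login.bank-example.invalid/verify">https://www.bank.example</a>
within 24 hours.</p>
<p>Questions? See our <a href="https://www.bank.example/help">help pages</a>.</p>
<p>Service status: <a href="https://status.bank.example/">status.bank.example</a></p>
"""

# Loose pattern for something that reads as a URL or hostname in link text.
URL_LIKE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # None outside an <a>, otherwise the href (possibly "")
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
            self._text = []


def host_of(url: str) -> str:
    """Hostname of a URL; a bare hostname such as 'www.bank.example' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Assumption: no public-suffix list is consulted,
    so multi-part suffixes (e.g. .co.uk) are approximated, which is good enough here."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def find_deceptive_links(html: str) -> list:
    """Return links whose visible text names one domain while the href targets another."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        match = URL_LIKE.search(text)
        if not href or not match:
            continue  # no target, or text does not read as an address: nothing to compare
        shown_host = host_of(match.group(0))
        target_host = host_of(href)
        if registrable_domain(shown_host) != registrable_domain(target_host):
            findings.append({"text": text, "href": href,
                             "shown_host": shown_host, "target_host": target_host})
    return findings


if __name__ == "__main__":
    for f in find_deceptive_links(SAMPLE_EMAIL_HTML):
        print(f"suspicious: text shows {f['shown_host']} but link goes to {f['target_host']}")
```

Links whose text is ordinary words ("help pages") are skipped on purpose: there is nothing for the reader to be misled about, and flagging them would bury the one case that matters, text that looks like an address but is not the address you land on.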