According to security software firm Symantec, 2009 was a banner year for malicious software, or malware, with around 100 attacks per second from 240 new apps found in the wild. This is a 100 percent increase over 2008’s figures. Along with the character of the attacks has evolved: The semi-intelligent viruses, worms, and other digital creepy crawlies that hitch rides on e-mails, fool you into executing them, then self-replicate in your computer are already on the decrease as the hackers’ tools of choice.
There are a lesson and a warning to be gleaned from this: Great software and smart users may foil malware threats, but hackers adapt quickly, and last year’s threat can morph without warning into a completely new and insidious techno-tactic. In accordance with Fossi, Web-based attacks are on the upswing, and we are now more vulnerable when we click on fake links than once we start poisoned e-mail attachments. Malware writers have created code capable of combing through connections on social networks, delivering their pernicious payloads in messages supposedly from our most trusted friends.
And the most recent malware attackers are more ambitious than their predecessors. No longer content to simply replicate themselves and spread, contemporary malware programs can install themselves covertly on your PC and try a complete takeover of your system. The hackers that design these strikes can take tens of thousands (in rare cases, millions) of computers hostage and remotely control them to do pretty much anything. Compromised”zombie” computers are organized into enormous multimachine armies called botnets, then rented to the highest bidder like hacker vacation condos. These networks, with titles such as Rustock and Mega-D, may be used by bot herders to send out junk, try to infect other computers as well as request files off remote computers. The botnet connected with the ever-morphing Conficker pig has set up a decentralized peer-reviewed communications system, which makes it almost impossible for researchers to monitor.
However, since much of malware is designed to permit remote users complete access to your system, such hacks are also used to steal valuable personal information. Hackers prey on people that want to check their bank accounts or see their preferred e-commerce websites. By grabbing a password or 2, most hackers can quickly and easily worm their way through the remainder of your accounts.
Breaking and Entering
The first step toward prevention is to understand that the two-headed beast that’s modern hacking. Nowadays, cybercriminals are as interested in access to your online accounts as they are in access to a computer. Most users’ personal data networks exist both in their PCs and in the cloud (the expression for Web-based services which have online email, banking, record creation, and social networks where more and more of our info resides). And lots of attacks take advantage of security lapses and behavioral slipups in both arenas.
The simplest and most common way of bad guys to receive your data is now the phishing attack, wherein hackers create a Web page that appears trustworthy but is really a set point for passwords and credit card information. Many scams involve e-mails about bogus charges to your credit cards or online payment accounts. The subject line might be something like”Your cost of $521 has been finished,” and the email contains a link to what seems to be a bank or online support. The link will direct you to some log-in Web page that looks like your bank’s but has a slightly different URL. By trying a log-in, you accidentally give your account number and password into a hacker.
However, these poisoned websites could just as easily put in a permanent piece of malicious code onto your own computer and harvest information when you visit legitimate sites. And if that does not instill a feeling of digital paranoia in you, consider this: A recent study by a Cisco researcher assessed the effectiveness of antivirus products and discovered that many popular programs achieved a detection rate of less than 19% for brand-new threats.