With the escalating use of computers, internet and social networks so are the number of threats that can affect your personal information and critical documents. Email viruses, Trojans, internet worms, spyware and keystroke loggers have appeared and continue to spread worldwide. Many of these threats are low profile but well-targeted and are more about making money than creating havoc. Malware is unlikely to delete a hard drive or corrupt one of the Microsoft applications like a word document or spreadsheet, but the new cyber-vandalism will exploit financial gain opportunities. In fact, some files are being encrypted and others are launching service denials, preventing individuals from accessing websites.
One of the most concerning items are viruses that silently install a keystroke logger, which waits until the victim visits a financial website and then records the user’s account details and passwords. The hacker who receives this information can clone credit cards and dive into bank accounts. Once the virus has done the job it deletes itself to avoid detection.
Another malware activity is turning your computer into a remote-controlled “zombie” to relay millions of profit-making scams on unsuspecting computer users. And, let’s not forget the social networks like Twitter and Facebook where cybercriminals are finding new ways of infecting computers and stealing identities.
Phishing continues on a large scale by sending out mass mail messages but now there is something called spear phishing. This type of phishing focuses on a small number of people within an organization. The mail appears to come from colleagues in trusted departments and the attack is more likely to succeed because the victim thinks that the message is from a trusted source. It is a new method to infringe on security.
There is a litany of computer threats out there so here is a summary of what else you need to be aware of:
- Adware – software that displays advertisement on your computers
- Autorun worms – Malicious program that take advantage of the Windows AutoRun feature that execute automatically when they are plugged into a computer
- Backdoor Trojans – Allows someone to take control of another user’s computer via the Internet without their permission
- Boot sector malware – Spreads by modifying the program that enables your computer to start up
- Browser hijackers – Changes the default home and search pages in your internet browser without your permission
- Chain letters – An email that urges you to forward copies to other people
- Cookies – Files placed on your computer that enable websites to remember details
- Data theft – The deliberate theft of information, rather than its accidental loss
- Denial-of-service attack – Prevents the users from accessing a computer or website
- Document malware – Takes advantage of embedded script or macro content in document files
- Drive-by download – The infection of a computer with malware when a user visits a malicious website
- Email malware – malware or viruses distributed by e mail through attachments like Netsky and SoBig. Be very careful not to bring up attachments from unreliable sources.
- Fake anti-virus malware – Reports non-existent threats in order to scare the user into paying for unnecessary product registration and cleanup
- Hoaxes – Reports of non-existent viruses or threats
- Internet worms – Create copies of themselves across the internet. The Conficker worm is one that infects machines over the network, spreading rapidly.
- Keylogging – When keystrokes are surreptitiously recorded by an unauthorized third party
- Malware – A term for malicious software including viruses, worms, Trojan horses and spyware
- Parasitic viruses – Also known as file viruses, they spread by attaching themselves to programs
- Phishing – The process of tricking people into sharing sensitive information with an unknown third party
- Ransomware – Software that denies you access to your files until you pay a ransom
- Social networking – Websites allowing you to communicate and share information but can also be used to spread malware and to steal personal information
- Spam – Unsolicited commercial email, that is equivalent to junk mail that comes to your mailbox
- Spear phishing – The use of spoof emails to persuade people within a company to reveal sensitive information or credentials
- Spyware – Software that enables advertisers to hackers to gather sensitive information without your permission
- Trojan Horses – Programs that pretend to be legitimate software but actually carry out hidden and harmful functions.
- Viruses – Computer programs that can spread by making copies of themselves
- Zombies – An infected computer that is remotely controlled by a hacker. Often part of a botnet which is a network of many zombies or bot computers
Now that you know about some of the major threats, what can you do to avoid viruses, worms, spyware, Trojans and other destructive items?
For starters, try to block files that often carry malware especially those with more than one file-type extension. Also, make sure you use anti-virus endpoint security software and it helps if you subscribe to an email alert service. Remember to use a firewall and back up your data regularly.
You should also stay up to date with software patches, disable autorun functionality and introduce a computer security policy that is distributed to all staff.
You should always choose secure passwords, avoid spam and never respond to emails that request personal financial information. If you do online banking, type the address into the address bar instead of following links embedded in an unsolicited email.
Don’t forget to buy online safely. Purchasing from a secure computer or device running the latest anti-virus software, firewalls and security patches will significantly decrease your chances of becoming a victim and never follow links from unsolicited online communications such as e mail Twitter or Facebook. Finally, only share sensitive information when you are fully satisfied with the legitimacy of the company. Only purchase through websites using encryption and those are URLs that start with https:// instead of http:// (the s stands for secure).