Internet security forecasts can lead us to believe that we are in for some stormy online weather. But being aware of and prepared for dangerous Web conditions may help you to stay safe online.
The experts at Lavasoft have put together a round-up of the top threats that we have been seeing, and unfortunately expect to see more of in the future. From rootkits to various identity theft attempt techniques, our top five threats list will help you to know what to be on the lookout for.
Threat #1: Rootkits
The first on our list of suspects are dangerous because they can hide malware. Rootkits are programs that fraudulently gain or maintain administrator level access that may also execute in a manner that prevents detection. They are extremely stealthy in nature, ranking higher than program kernels. One famous example from this past year was the Sony rootkit fiasco with a recent lawsuit settlement of $750,000 U.S. Other recent examples of malicious rootkits out there include Hack Defender, Apropos adware with rootkit, and Wareout (also known as Zlob Trojans).
Threat #2: Fake Codecs
Fake codecs, also known as Zlob/Smitfraud Trojans (just one of many Trojan techniques), are malware that lures computer users into downloading files that infect their PCs. They masquerade as codecs required to view online videos, then install a fake anti-spyware program which finds fake malware on the system; this is done to lure victims into buying the rogue anti-spyware program. Other victims have received fake e-greetings or instant messages from friends.
Threat #3: IM Vulnerabilities and Attacks
There is no debate about it: instant message-based attacks are on the rise, for AIM, Yahoo, Messenger, and more. Security vendor Akonix Systems recently cited a 73 percent increase in IM threats so far this year. These attacks rely on social engineering to spread malicious code; a link that appears to be from a known contact is sent. Because many people are not informed about threats coming in through this venue – only 3 percent of those polled in a Lavasoft survey were concerned with
IM threats – these attacks are succeeding.
Threat #4: Exploits in Windows, Browsers, and Legitimate Software Applications
In 2006 hackers kicked off the year by releasing zero-day attack code based on a flaw in the way Internet Explorer handled WMF (Windows Meta File) documents. These were followed later in the year by a rash of targeted attacks that exploited un-patched flaws in Microsoft’s Office software (most recently in Microsoft Word in November 2006). This security hole has been patched, but hackers constantly push through to find new flaws to exploit.
Threat #5: Phishing & Identity Theft Attempts
The methods that malware can use as an attack vector, in order to find a way in to your computer and steal private sensitive information, are varied and wide-ranging. This list can include phishing attacks, banking Trojans, password stealers, and downloading Trojans. A key mitigating factor of staying clear of these types of threats is user accountability and education.