Malware never sleeps. And it never sits still, either. New and potentially disastrous threats appear on the Internet more frequently than new crops of tomatoes show up at the supermarket.
And with good reason. As soon as a new threat is discovered, security companies like Trend Micro snap into action, searching for ways to identify, neutralize, and remove the latest in evil software. And the bad guys, unwilling to give up on your hard-earned money, have to try and stay one step ahead of them.
Consider the notorious Duqu rootkit, which seemed like the baddest malware around when it was discovered in mid-October. That one appears to have been based on Stuxnet, the biggest baddy of 2010. As an unsigned Help Net Security article put it, "It is a game that malware creators have played with victims — the computer users — or with their arch-enemies — the AV industry — since computers were too large to fit in a regular room and were anything but 'personal.'"
When an email, apparently from a bank, credit card company, or Internet provider, asks for your personal information, you know there's something phishy going on. When a cyber con-artist goes phishing, he or she sends out email in hopes of tricking people into giving away passwords and other valuable information.
An interesting phishing letter aimed at Windows Live members has been making the rounds lately. It's relatively wordy and clearly written by someone without a good grasp of English grammar: "We encountered a problem with our database and a lot of records were lost, we are restoring our database to enable us serve you better." The message threatens the death of your account and data if you don't reply, then goes on to ask for your User Name, Password, Date of Birth, and Country. (For the full text, see this Windows Live forum discussion.)
People who are easily fooled will panic and fill in the information. Before long, spam will start going out in their name. They may get locked out of their own email accounts, or worse.
On Nov. 8, the FBI, the Estonian police, and Trend Micro brought down what may be the largest shark yet caught in the criminal waters of the Internet. In a sting code-named “Operation Ghost Click,” law enforcement officials raided offices in New York City, Chicago, and Tartu, Estonia. At the time of the arrests, the alleged criminal network controlled over four million computers without the knowledge of those computers' owners.
Dubbed Esthost, and controlled by the Estonian company Rove Digital, the illegal network used counterfeit Domain Name Server (DNS) settings to control infected computers. DNS servers are a necessary part of the Internet, translating human-friendly URLs into computer-friendly IP addresses and thereby telling browsers where they can find particular Web pages. Chances are your PC uses a DNS server belonging to the company that provides your Internet service.
You might think that malware threats are scary now, but believe me, they're only going to get worse. You can look forward to, or more likely dread, such wonders as smartphone worms, social attacks, and whales (not the kind that people want to save).
Jeff Vance provides a taste of things to come in an article on Network World. "It's only going to get worse as more information gets dumped online by mischievous hacker groups like Anonymous, and as for-profit hackers widen their horizons to include smartphones and social media."
They'll also narrow their horizons, with special attacks aimed at the juiciest targets. You've heard of phishing, which attempts to trick suckers into giving important information to criminals masquerading as trustworthy companies. But some suckers are more profitable than others, and why phish for minnows when you can target whales? Vance describes "a recent attack attempt where the bad guys targeted executives of a major corporation through their spouses. The logic was that at least one executive would have a poorly secured PC at home shared with a non-tech savvy spouse, which would then provide the backdoor needed to compromise the executive and gain access into the target company."
People know you through your Twitter account. That's how you express your opinions, your thoughts, and your concerns. And if you have a business, you promote it through your tweets.
So the last thing you want is someone else tweeting their opinions, thoughts, and concerns while masquerading as you. Should someone successfully hack your Twitter account, you're going to be embarrassed at best and ruined at worst.