Malware gets more malicious, boots small country offline
A record number of Web sites that steal your password and other information were detected by the Anti-Phishing Working Group in December, according to a report from the organization, which works to fight identity theft.
The group reported 31,173 sites that spread crimeware—malicious software programmed to steal your password and other information—an 827% uptick from January 2008. In addition, it received a yearly high of 34,758 phishing reports in October 2008.
Botnets are another worrisome online-security problem, according to Steve Gibson, a security consultant and owner of Gibson Research Corp. Infected computers are gathered into groups called botnets, sometimes comprising hundreds of thousands of PCs, that send out spam, phishing e-mail, and malware. "There’s such a strong incentive for getting a bot on someone's machine," Gibson says.
Those incentives range from the financial to the political. "Consumers may think, 'Who cares if my PC is a bot,'" says Ed Skoudis, co-founder of IntelGuardians. "But a bot can be used for an operation against the U.S. military or against the electric grid in your city."
One way botnets attack organizations is by using a distributed denial-of-service (DDoS) attack. "DDoS attacks happen from zombies [individual computers within a botnet] sending traffic to a certain IP address," says Gibson. "We’ve seen small countries taken off the Internet by botnets." One recent example: DDoS attacks targeted at the largest Internet service providers in Kyrgyzstan knocked most computers in the country offline in January, according to the SANS Institute, a security training organization.
People often ignore the most obvious sign that their computer is infected with a bot, says Gibson, which is slower performance. "Most people think it's just an older PC slowing down," he says. "They’ve been told to ignore one of the major indications that something is doing something to their machine."
Here are some steps you can take to safeguard yourself against malware:
- Be sure your security software (Ratings available to subscribers) is up-to-date and running, and that you have a two-way firewall. You can get a free one from Zone Alarm.
- Don't click on links in mass mailings of things like e-cards or videos.
- Never open an .exe or .zip file attached to an e-mail.
- Run updates of programs like Adobe Reader and QuickTime when prompted, but make sure the prompts you get are legitimate and come from the software company itself.
- Be careful when you type in a URL; many malware sites use common misspellings of popular site names.
For a wealth of free information on how to protect yourself from online predators, visit our Online Security Center.
—Donna Tapellini
Previous
Posted by: Paul Eng | Apr 6, 2009 11:02:54 AM
To Kurt and all:
We are currently working on revising our Ratings of security software, which as you note is a bit outdated. (Last tested Sept. 2008)
To be sure, when the new Ratings of security software is ready we'll keep everyone posted here on the Electronics Blog (http://blogs.consumerreports.org/electronics) as well as on:
The Online Security Blog:
http://blogs.consumerreports.org/electronics/online_security/
and our free Guide to Online Security:
http://www.consumerreports.org/security
Thanks,
Paul Eng, Web Sr. Editor (Electronics)
Posted by: Kurt | Apr 6, 2009 12:51:55 AM
the newer 2009 versions of many security programs have made the ratings that are posted obsolete. I would trust the reviews on this website. most reviews on the net are paid for by the company that looks the best on their charts. Operating systems that are before windows xp are less safe. many outdated or free antivirus programs are less then effective if not useless. some known viruses try to fake you out by pretending to be an anti-virus program. be careful about what you download. free programs are often used to lure you into downloading negative programs. Websites most often to contain viruses and other negative programs are adult site, gambling sites, and free games/music sites.
Posted by: Michael LaBorde | Mar 26, 2009 4:54:01 PM
As well as not opening .exe and .zip files, you should not open .scr and .bat files among others. Also, on some computers, you may have to change your settings to see the full name of a file to see if it ends in .exe, .zip, etc. If not, all you will see is either the first part of the name or a name with a false file type label. Windows computers default to hiding the full name of files.