Evading viruses, phishing scams, zombie botnets and other cyber assaults requires smart software and alert surfing.

By John Biggs
According to security software company Symantec, 2009 was a banner year for malicious software, or malware, with up to 100 attacks a second from 240 new programs found in the wild. This is double 2008’s numbers.
The character of these attacks has evolved, too: the semi-intelligent viruses, worms and other digital creepy crawlies that hitch rides on e-mails, fool you into executing them, then self-replicate on your computer are already on the decline as the hackers’ tools of choice. “E-mail attachments were once the most common vector used by malicious code to infect computers,” says Marc Fossi, a researcher for Symantec. “However, various protection measures like e-mail attachment blocking, along with user education about these threats, have limited their effectiveness.”
There’s a lesson and a warning to be gleaned from this: good software and smart users can foil malware threats, but hackers adapt quickly, and last year’s threat can morph without warning into a totally new and insidious techno-tactic. According to Fossi, Web-based attacks are on the rise, and we’re now more vulnerable when we click on bogus links than when we open poisoned e-mail attachments. Malware writers have even created code capable of combing through contacts on social networks, delivering their pernicious payloads in messages purportedly from our most trusted friends. (In May this year, a Facebook message with a link to a “Distracting Beach Babes” video began making the rounds, infecting the PC of anyone who clicked on the video link.)
And the latest malware attackers are more ambitious than their predecessors. No longer content to simply replicate themselves and spread, modern malware programs can install themselves secretly on your PC and attempt a complete take-over of your system. The hackers who design these attacks can take thousands (in rare cases, millions) of computers hostage and remotely command them to do pretty much anything.
Compromised “zombie” computers are organised into massive multi-machine armies known as botnets, then rented to the highest bidder like hacker holiday flats. These networks, with names such as Rustock and Mega-D, can be used by bot herders to send out spam, attempt to infect other computers and even request files from remote computers. The botnet associated with the ever-morphing Conficker worm has even set up a decentralised peer-to-peer communications network, making it almost impossible for researchers to track.
The damage to a zombie computer can sometimes be minor (systems slowdowns and random glitches) and potentially unnoticeable – after all, the point of much of this software is to fly under the radar. But, since much of modern malware is designed to allow remote users complete access to your system, such hacks can also be used to steal valuable personal information.
Hackers prey on people who are trying to check their bank balances or visit their favourite e-commerce sites. By grabbing a password or two, most hackers can quickly and easily worm their way through the rest of your accounts.
Breaking and entering
The first step towards prevention is to understand the two-headed beast that is modern hacking. These days, cyber criminals are as interested in access to your online accounts as they are in access to your home computer. Most users’ personal data networks exist both on their PCs and in the cloud (the term for Web-based services that include online e-mail, banking, document creation and social networks where more and more of our info resides). And many attacks take advantage of security lapses and behavioural slip-ups in both arenas.
The easiest and most common method for bad guys to get your data is currently the phishing attack, wherein hackers create a Web page that looks trustworthy but is actually a collection point for passwords and credit card information. Many scams involve e-mails about fake charges to your credit cards or online payment accounts. The subject line may be something like “Your charge of R521 has been completed”, and the e-mail includes a link to what appears to be a bank or online service. The link will direct you to a log-in Web page that resembles your bank’s, but has a slightly different URL. By attempting a log-in, you inadvertently give your account number and password to a hacker.
But these poisoned sites could just as easily install a permanent bit of malicious code on your computer and harvest information when you go to legitimate websites. If that doesn’t instill a sense of digital paranoia in you, consider this: a recent study by a Cisco researcher checked the effectiveness of antivirus products and found that many popular programs achieved a detection rate of less than 19 per cent for brand-new threats.
Malware designed to exploit newly discovered software vulnerabilities is known as a zero-day attack. To identify malware, security programs rely upon something called an MD5 hash, a fingerprint taken of the virus on the day security software programmers discover it in the wild. Hackers using zero-day attacks take advantage of the short window of time between the malware release and the moment the hash is prepared and uploaded to your security software. That’s why the Cisco study found that after one week, the security software identified 63 per cent of the same threats. This is not to discount the value of good security software. Symantec, McAfee and Kaspersky Lab all offer a variety of products for both Windows and Mac operating systems at a reasonable price. These programs may not catch everything, but they are an important line of defence against the malware onslaught and will monitor your computer’s behaviour for anything suspicious. Free antivirus programs such as Avast and AVG Free (both for Windows) and iAntiVirus (for Mac) will also cover most basic virus protection and browser safety issues.
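The fingerprint-matching the article describes, as an added illustration (not code from the article or from any antivirus vendor): a scanner that flags a file only when its MD5 hash is already in its signature list, so a variant that differs by a single byte goes undetected until a new signature is shipped. The two "samples" are constructed byte strings standing in for files on disk.

```python
import hashlib

# Constructed stand-ins for a known malware sample and a later variant of it.
KNOWN_SAMPLE = b"MZ\x90\x00constructed-malware-sample-v1"
VARIANT_SAMPLE = KNOWN_SAMPLE + b"\x00"  # one extra byte changes the whole hash


def md5_fingerprint(data: bytes) -> str:
    """The 'fingerprint' the article refers to: the MD5 hex digest of the file."""
    return hashlib.md5(data).hexdigest()


class SignatureScanner:
    """Minimal hash-matching scanner: a file is detected only if its hash is known."""

    def __init__(self) -> None:
        self.signatures = set()

    def add_signature(self, data: bytes) -> str:
        """Record a sample's hash, as a vendor does on the day it is discovered."""
        digest = md5_fingerprint(data)
        self.signatures.add(digest)
        return digest

    def is_detected(self, data: bytes) -> bool:
        return md5_fingerprint(data) in self.signatures


def zero_day_window() -> dict:
    """Show the gap between a variant's release and the signature update."""
    scanner = SignatureScanner()
    scanner.add_signature(KNOWN_SAMPLE)          # original sample is known
    known = scanner.is_detected(KNOWN_SAMPLE)
    before = scanner.is_detected(VARIANT_SAMPLE)  # variant slips through
    scanner.add_signature(VARIANT_SAMPLE)        # the (later) signature update
    after = scanner.is_detected(VARIANT_SAMPLE)
    return {"known_detected": known,
            "variant_detected_before_update": before,
            "variant_detected_after_update": after}


if __name__ == "__main__":
    print(zero_day_window())
```

Behavioural monitoring, which the article also mentions, exists precisely because hash matching cannot see the variant in the "before" state.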
But no software can replace good security habits, most of which derive from simple common sense.
One of the most important – and most neglected – security practices is good password selection and protection. The modern computer user can end up with dozens of accounts with various services, all of which require a user name and password, and it can be a lot to remember. However, easy-to-guess passwords can open up a security hole that can end up being a huge headache for you, your family and even your employer.
Consider the case of the social networking site Twitter, which recently found itself the victim of a hack attack that exposed many of its private e-mails and business documents. By guessing the password of a hapless office assistant at the company, hackers were able to move through the assistant’s Google account and grab shared documents with ease. It didn’t help that the assistant used the same password for many of her Web site log-ins, allowing the hackers to traverse from service to service without worrying about hacking each one.
Experts agree that the only way to keep hackers from leapfrogging from account to account is to maintain different complex passwords for each one. At the very least, maintain a few passwords with multiple levels of security. One level for low-security accounts like YouTube and Netflix, another higher level of security for social networks, and another still for banking and online shopping sites. That way, someone may be able to stream movies from your Netflix queue, but at least they can’t easily empty your bank account.
Choosing effective passwords can be done with mnemonic devices. Pick a phrase that means something to you and includes numbers and capital letters (for example, “I have two dogs named Rufus and Natalie”), then combine the first letters of each word with the numbers to construct a password (“Ih2dnRaN”).
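The mnemonic rule above carried out in code, as an added example (not from the article): each word contributes its first letter with its capitalisation kept, and number words become digits. The table of number words and the handling of words that are already digits are this example's own assumptions, so it generalises slightly beyond the single phrase in the text.

```python
import re

# Assumed mapping of spoken numbers to digits, extended to zero..ten.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10",
}


def mnemonic_password(phrase: str) -> str:
    """Build a password from the first letter of each word in *phrase*.

    Capitalised words keep their capital letter, number words become digits,
    and words that are already numbers (e.g. "1997") are kept whole.
    """
    pieces = []
    for word in re.findall(r"[A-Za-z0-9']+", phrase):
        lowered = word.lower()
        if lowered in NUMBER_WORDS:
            pieces.append(NUMBER_WORDS[lowered])
        elif word.isdigit():
            pieces.append(word)
        else:
            pieces.append(word[0])
    return "".join(pieces)


if __name__ == "__main__":
    print(mnemonic_password("I have two dogs named Rufus and Natalie"))
```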
Even with the best passwords and software, it’s essential to pay close attention to your hardware, software and accounts. If you notice that e-mails you may not have read are now marked as read, or unknown files suddenly appear on your computer, or that your hard drive is “churning” without much going on, there’s a chance someone has gotten to your machine.
Review your bank and credit card information regularly. Because most attacks are almost invisible, if someone gets your passwords and runs up a huge bill, it could be months before your bank unravels and repairs the error. Interestingly, credit card transactions are usually easier to reverse than debit card transactions, which should give you pause before typing in a card that is directly connected to your bank account.
Pay attention to URLs when browsing, especially when following a link that may seem suspicious. If your browser displays anything other than the Web site you intended to visit, close the session right away. Remember that mobile browsers on phones and tablets may not be as secure as desktop-based Web browsers simply because they may not show the URL you’re visiting or alert you to security problems with the domain you’ve typed. In any case, it’s always best to accurately type in a URL address to a known site yourself than to follow a link.
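The "slightly different URL" check from the phishing discussion and the advice above, as an added example that is not part of the article: before trusting a link, compare the domain it actually lands on with the domain you intended, over HTTPS only. The bank domain and the sample links are constructed; the two-label domain rule is an assumption that works for .com-style names but not for suffixes such as .co.za, which would need a public-suffix list.

```python
from urllib.parse import urlsplit


def registered_domain(host: str) -> str:
    """Last two labels of a hostname, e.g. 'online.examplebank.com' -> 'examplebank.com'.

    Assumption: a two-label suffix; names under .co.za and similar need a
    public-suffix list for this to be right.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_matches_site(link: str, expected_domain: str) -> bool:
    """True only if *link* really lands on *expected_domain* over HTTPS.

    urlsplit().hostname discards any 'user@' prefix and port, so a link that
    merely mentions the bank's name before an '@' is judged by the real host.
    """
    parts = urlsplit(link)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return registered_domain(parts.hostname) == expected_domain.lower()


# Constructed links a user might be sent, checked against the intended bank.
BANK = "examplebank.com"
SAMPLE_LINKS = [
    "https://online.examplebank.com/login",                 # genuine
    "https://www.examplebank.com.login-verify.example/",    # bank name as subdomain
    "https://examplebank.com@evil.example/login",           # bank name before '@'
    "https://examplebank-secure.com/login",                 # lookalike domain
    "http://examplebank.com/login",                         # not HTTPS
]


def classify_links(links=SAMPLE_LINKS, expected_domain=BANK) -> dict:
    """Map each link to whether it should be trusted."""
    return {link: link_matches_site(link, expected_domain) for link in links}


if __name__ == "__main__":
    for link, ok in classify_links().items():
        print("OK     " if ok else "REJECT ", link)
```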
Finally, keep all your software – not just your operating system – up-to-date with the latest security patches and upgrades. Sure, it’s a lot of management, but think of security maintenance on your computer as the high-tech equivalent of checking the fluids and tyre pressure on your vehicle. Just as you don’t want to explain to your mechanic that your engine seized because you never checked the oil, you don’t want to explain to your credit card company a R10 000 charge at sportsbook.com because you didn’t have time to update with the latest patches for Internet Explorer.
Help! I think I’m infected. What now?
Follow these steps, in order, to repair a system infected with malware.
Step 1 Update
First, check for operating system security updates and patches. Most modern OSs offer automatic update support, but confirm you have the latest version manually. Then update your security software. Check your firewall and router for updates as well, and, if necessary, reset the security settings to ensure your Wi-Fi is locked down using WPA security.
Step 2 Eradicate
Run a full scan with your security software and delete any suspicious files it finds. Then make sure it is set up for scheduled scans. Some malware can open ports on your PC, allowing updated versions to pop in even after the real threat has been eradicated.
Step 3 Monitor
To make sure the demons are gone, run a program like ZoneAlarm (PC) or Little Snitch (Mac) to monitor incoming and outgoing data. At first, things will pop up that aren’t threats; over time these programs learn your usage patterns. When you see a program or process displaying unusual activity, check the Web to see if it’s known malware.
Step 4 Re-install
If you’ve got a bug that resists all attempts to remove it, you’ll need to reinstall your system from scratch. Back up all your personal files on a large USB hard disc, then reinstall your operating system. Move your old files back in and reinstall all your applications as well.