Did you know how hard the dedicated teams out there are working to infect your systems with malware?
I had no idea! Two days into a Cyber security evaluation at a conference and I wish I had nothing online anymore. Apparently security software can't always protect you; sometimes the best defense is a dose of common sense and a little bit of knowledge about what to watch out for. Whether it's fake antivirus scams, malware on social networks, or good old-fashioned e-mail attachments loaded with viruses, it pays to be on your toes so you don't end up becoming a victim to identity theft, a raided bank account, or even a home invasion.
As for where to find it, apparently you have to start with your smart phone and the mobile apps you love downloading so frequently.
More than 50 third-party applications on Google's official Android Market contained a Trojan called DroidDream. When you run a DroidDream application for the first time, the malware gains administrator access over your phone without your permission, according to mobile security firm Lookout. That means it could download more malicious programs to your phone without your knowledge and steal data saved on your device.
Google was able to stop the DroidDream outbreak by deleting the bad apps from the Market and remotely removing malicious apps from Android users' devices, but it's only a matter of time before the next outbreak occurs.
And malicious apps on the Android Market aren't the only way that malware authors can target phones: A recent Android malware outbreak in China spread through repackaged apps distributed on forums or through alternative app markets. Now I know why the big- on -security firms give blackberrys to their employees that are nothing but no application or interactivity devices for checking only corporate mails.
Another platform for security breach is the social networks, which are breeding ground for malicious activity. Be wary of any social networking postings that offer you the chance to see a cool photo or video or making claims you know to be untrue--such as a recent Twitter scam that offered to let you see who is viewing your profile. Often, these scams can be stopped by just revoking the app in your security permissions and changing your account password. Another smart thing to do, is to stop and ask yourself why a Facebook application wants to post messages on your wall or access your friends list. If you can't think of a good reason the app would need to do this, perhaps it's not worth authorizing.
Be careful of how much information about yourself you are sharing online. Do you really need to add friends you dont know so well? In September, three young men ran a burglary ring in Nashua, New Hampshire, by looking at Facebook postings about people going out and then targeting homes they believed were likely to be empty.
Be cautious of fake Anti- virus. Also known as "scareware," these scams start by convincing you to download a free antivirus program, sometimes appearing to be software from a reputable security company. Then the software claims your computer is under threat from a virus and you can save your system by buying a "full" version of the antivirus program for a one-time fee.
Once you do that, however, not only have you allowed more potential malware onto your computer, but you may have also handed over your credit card credentials to identity thieves. At that point, the bad guys can drain your bank account or steal your identity.
Believe it or not- PDF's are next on my list. I actually thought they were safe??? It may be the oldest online scam in the book, but e-mail loaded with malware attachments is still a big problem despite a high degree of awareness and robust antivirus scanning in Webmail clients such as Gmail and Yahoo Mail.
In 2010, 65 percent of targeted e-mail attacks used PDFs containing malware, up from 52.6 percent in 2009, according to MessageLabs, by mid-2011, 76 percent of targeted malware attacks were using PDFs as their primary method of intrusion.
It's not just businesses that are targets of e-mail scams either. Sophos recently discovered an e-mail scam in the U.K. purporting to offer an $80 gift certificate to customers of a popular pet supply retailer.
Make sure you are running an antivirus program and that it's up-to-date. Also, never open an e-mail attachment that you weren't expecting.
Last but not least, make sure that you keep Adobe Reader (or the PDF reader of your choice) up-to-date; Adobe regularly releases security updates that fix known flaws. The new Adobe Reader X has an updated security architecture that can better protect you against malicious PDF attacks.
If you are trying to safeguard your company's secrets or are worried about data leaks, monitor your company's network traffic for suspicious activity and conduct regular reviews of employee data access privileges.
The world of Internet, where you spend most of your waking hours, may be filled with malware and potential threats, but that doesn't mean you need to sweat.
Keep your guard up, use common sense, and keep your software up-to-date, and you will be able to reduce your risk of falling victim to attack.