Free Monthly Newsletter...and much more!

5 Star Support - Free Computer Help and Technical Support

 

 
Google

 

Security for 2007 - Predictions, and what the average user should do

1/1/07

Posted by Dave
5 Star Support Security Specialist

I thought it might be best to start off 2007 with some predictions and things to watch out for this year. These are not exclusively my thoughts by any means. They are shared by many in the computer security field, and are based on observing trends over a period of time. This has proven to be a sure way of determining which direction the crackers and malware writers are going toward next. Try to keep in mind that the driving force behind almost all Internet and computer abuse is no longer a game of bragging rights among small groups of crackers or script kiddies working from bedrooms or dorm rooms. The current driving force is money – big money. It involves cyber criminals and in many cases, organized and/or syndicated crime. Most of it is well structured, and much more complex than you can imagine. Here are the trends I see and what to be careful of for 2007.

A very big target that will continue to increase is IM or Instant Messaging. Considering the increasing number of IM users, this could prove to be one of the biggest security threats of the next 12 months. Enterprise IM will grow from 40 million users today to more than 140 million users by 2009, which could make IM the fastest growing communications medium of all time. Voice over Internet Protocol (VoIP) will also become a prime target in 2007. Phishers make spoof phone calls to victims in the hope of extracting their credit card details or stealing their identities using third-party software.

Spreading threats and targeted attacks will continue to be dominated by e-mail worms. The proliferation of bots and bot-networks will continue to grow, and evolve with countermeasures that will help them to both remain undetected for longer periods of time, and be harder to remove. Bots are computer programs that perform automated tasks; networks of bots are largely responsible for sending increasing volumes of spam. Distributed command and control, and protocols other than Internet relay chat (IRC) or HTTP will be used to control bot networks.

McAfee confirms the bot prediction, adding that "mules" will also continue to be an important aspect in bot-related moneymaking schemes. Mules, also known as "money mules", are people employed by cybercriminals in work-at-home jobs offered via Web sites and classified ads. When purchasing merchandise using stolen cash or credit cards, thieves must stay clear of increasingly strict shipping regulations, depending on the countries involved. To avoid this problem, they employ mules who live in the target countries, driving a lucrative underground industry in which mules are used to physically ship stolen merchandise items around the world. Spam increased by about 300% in 2006.

Home users are the most attacked sector, accounting for 86% of all targeted attacks. Attackers are using evasive tactics to avoid detection, and large, widespread Internet worms have given way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity
In 2006, attacks moved beyond online banking, with significantly increased attacks on customers of e-commerce sites such as eBay and PayPal, as well as social networking sites like MySpace. Criminals have gone from trying to hit as many machines as possible to focusing on techniques that allow them to remain undetected on infected machines longer.

One of the best measures of the rise in cybercrime is junk e-mail, or spam, because much of it is relayed by computers controlled by Internet criminals. More than 90 percent of all e-mail sent online in October was unsolicited junk mail, according to Postini, an e-mail security firm in San Carlos, Calif. Spam volumes monitored by Postini rose 73 percent in the past two months as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. In November, Postini's spam filters, used by many large companies, blocked 22 billion junk-mail messages, up from about 12 billion in September.

To keep devices attack proof users should always ensure that security patches form the software vendors are up-to-date. Users should ensure that passwords are a mix of letters and numbers and avoid using dictionary words. Changing passwords frequently helps keep threats at bay. And different password for different web mail accounts or banking, stock broking, or any transaction sites would also help.

Special Trojans and worms are also created for seasonal use, especially around the holidays. High volumes of mass e-mails are usually sent around the holidays. This year has been no different, experts say. The spike in holiday spam is largely attributed to the fact that people have been more likely to open the messages. Consumers have been shopping online more, desperate for gift ideas. They also have been expecting electronic greeting cards from friends and family. Malicious spammers have been able to exploit this expectation by designing Trojan horses that can fool unsuspecting users.

Antivirus software maker McAfee issued several advisories over the holidays, warning customers to be wary of such Trojans. On Wednesday, it cautioned users about a malicious e-mail attachment named Christmas+Blessing-4.ppt that installs software that allows attackers to remotely access a compromised computer. Like many Trojans, the "Happy New Year" worm is not recognized by all virus scanners, so users should be extremely cautious when opening e-mail attachments.

"Within a short period of time, computers have become an intrinsic and essential part of everyday life, and as a result, there is a huge potential for monetary gains by malware writers," said Jeff Green, senior vice president of McAfee Avert Labs. "As we see sophisticated techniques on the rise, it's becoming increasingly hard for the general user base to identify or avoid malware infections," he added. The wide range of predictions is itself cause for concern. There is only one sure conclusion: Your online safety is at risk.

Here is what I recommend you do about all this. Take computer and Internet security seriously for 2007, if you haven’t already done so. If you need help, that’s what we are here for. There are a lot of good computer tutorials here on 5 Star Support. A paper titled ‘Security Review’ is a good place to start. You might want to follow that with a paper titled ‘Hardening Windows’. Be sure to keep ALL your software, not just your operating system, updated on a regular basis. Most security software updates are released weekly, and many antivirus and antispyware software updates are released daily. Microsoft releases operating system updates the second Tuesday of every month. Keep everything updated and patched at all times. The bad guys are relying on you not paying attention to these things, and it leads to their success, as well as your problems.

Remember to be very careful when opening e-mail. If you don’t recognize the sender, or it is a surprise, delete it. Be very careful of any e-mail attachments. My best recommendation here is for both you and your friends to get in the habit of first sending an e-mail indicating you will be sending them e-mail with a specific attachment that they should expect. Then both of you know what to expect. If you get something unexpected, simply delete it.

This will be a year in which all of us need to get into good habits when using our computers on the Internet, and stay alert. Don’t get lazy about it or you could be sorry. Remember that when you get an offer that seems too good to be true, it probably is. Don’t trust it. Also, before you choose an antispyware program, check it out before you install it. There are a lot of fakes available out there. We have recommendations here on 5 Star Support, and you can also go to www.spywarewarrior.com to see if it is listed as a rogue program.
Finally, follow our recommendations and suggestions here on 5 Star Support. Read the tutorials that are available, and keep your computer updated. If you do this, you will have a lot less to be concerned with, and your time spent using your computer will be a lot more enjoyable.
Until next time here on 5 Star Support Security Center, Happy Computing!

[Top]

 

Use the above information at your own risk.  See "Terms of use"

 

   Site Map  | About 5 Star Support  | Links | Comments
    Privacy Policy  | Terms of Use  | Newsletter Archive  | Awards
Usage of this site constitutes acceptance of our Terms of Use
Copyright © 2000-2014  5 Star Support All rights reserved.