Is The Internet Broken? You Decide

Each time that you connect to the Internet you are wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money. “It’s all about the money,” according to Graham Cluley, senior technical consultant at Internet security firm Sophos. In the worst case scenario, your identity and your financial security can be severely compromised.

Looking at estimates provided by a number of Internet security companies, the consensus seems to be that there are over 11,000,000 malware programs currently in the ether. Various Internet security companies report having to deal with as many as 20,000 new versions of malware daily. Here’s the math: one new malware program every four seconds!

Since additional sophisticated threats are being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken. If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted and free of potentially harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. When a potential victim visits one of these sites, the chance of malicious code being downloaded onto the computer, by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to Internet security industry leader Sophos, over 90 percent of dangerous websites (that is, websites that are distributing Trojan horses and spyware) are legitimate sites that have been hacked through SQL injection.

It was reported recently that over sixteen thousand web pages were infected daily between January and June of this year; three times the rate of infection noted in the previous year. Work out the math, and you’ll find that’s one new infected legitimate website every five seconds!

More disturbing, seventy-nine percent of compromised web pages tracked this year were on legitimate web sites, including web sites owned by Fortune 500 companies, government agencies and, ironically, security vendors.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term “drive-by download”, it refers to programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning or your approval.

Rogue software: Unless you have had the bad experience of installing this type of malicious software, you may not be aware that such a class of software even exists. But it does; and regrettably, it is becoming more widespread. Most rogue software uses social engineering to convince users to download this type of malicious software.

A rogue security application is usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or by manipulating Internet browser security holes.

After the installation of rogue security software, the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Some types of rogue security software have the potential to collect private and personal information from an infected machine which could include passwords, credit card details, and other sensitive information.

Email scams: Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words, they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center) has called the situation “alarming”, so you need to be extremely vigilant.

Being involved in computer security, I am amazed, and frankly frustrated, at the lack of knowledge exhibited by most typical computer users, and most importantly, the lack of knowledge concerning the need to secure their machines against the ever increasing risks on the Internet.

We now live in the age of the “Interconnectedness of All Things” in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and, in this new political environment we now live in, perhaps even to terrorists.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article, but one worth mentioning is the recent discovery that the very backbone of the Internet, DNS, can be compromised.

The Domain Name System serves as the “phone book” for the Internet by translating human-readable computer hostnames, e.g. http://www.example.com, into IP addresses, e.g. 208.77.188.166, which networking equipment needs to deliver information.

So what do you think? Is the Internet broken and if so, how can it be saved?

Be kind to your friends, relatives, and associates and let them know that all of the above dangers are now epidemic on the Internet. In that way, you raise the level of protection for all of us.

Be aware of the following security risks on the Internet:

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Review the following actions you can take to protect your Internet connected computer system:

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.

9 responses to “Is The Internet Broken? You Decide”

  1. Gustavo Muslera

    So for fixing the problem of people installing unknown (maybe rogue security) software from legal-looking rogue websites you suggest to install an unknown (at least, for most readers till now) (maybe rogue) security software from a legal-looking website?

    Coming from the Linux world, my recommendation is to install software as is done in Linux: the big majority of the software that you’ll ever need comes (on the CD or online) with your installed distribution, and all of it is audited and approved (and even fixed) by a huge community. The Windows “distribution” has an insecure browser, a media player, a couple of games and not a lot more, but you can pick a site (preferably, only one) widely known enough that reviews and provides most of the interesting software for that platform (several years ago, could have been i.e. download.com, not sure now), treating it as your “distribution” and using only it to install anything.

    And about secure browsing, my suggested Firefox addon is in fact NoScript (don’t install it by going to a website to install it, you fall again into the rogue sites problem; use Firefox’s tools for its own approved collection of extensions), where you can enable Flash, Java, JavaScript, and I suppose ActiveX too, only on the sites you want/trust.

  3. The things that make the Internet work (TCP/IP) were developed (over 30 years ago) with two main goals in mind:
    1) make the connection (no matter what OS, or make/model machine).
    2) the network will function in spite of major segments going ‘offline’.. such as in a nuclear war.

    Security against exploit, privacy, and use-as-an-attack-vector was never even considered.

    This all worked very well in the old world of computing (server/terminal) when most computers were on university campuses or inside government facilities.
    Today, every Tom, Dick, and Harry has a computer a thousand times more powerful than those old servers, and “Web 2.0” allows them to ‘upload’ code.

    And hackers are no longer young people trying new things and proving how smart they are.. they are members of organized criminal enterprises and are often state-sponsored.

    We are reaching the end of the days when “patching” or issuing antivirus “fingerprints” will keep these old methods tottering along, and there is no question that the Internet as we know it NEEDS to be shut down and rebuilt from the ground up.
    This time, with cyber terrorists, cyber warfare, and cyber crime in mind.

    Once again, you put it very, very well Mr. Mullins.

  4. Your money isn’t so safe at the teller window either. Bank of America’s tellers gave a total of $12,000 of my money to thieves on SEVEN separate occasions. No PIN required. No verification that the signature was mine. Just a fake driver’s license in my name with the wrong expiration date, and their tellers handed out my money like it was lettuce.

  6. Help protect your computer against recent computer viruses by using antivirus software.

  7. Mary

    “This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click.”

    This is one reason I like using Thunderbird for my mail; when you mouse over a link, it shows you the actual destination in a toolbar at the bottom. This comes in very handy when the emails look very authentic.
