Think You’re Internet Safety Savvy? – Think Again

What you don’t know can’t hurt you, right? I’m not a mathematician, so I can’t vouch for the relative statistical accuracy of that statement, but I do know this: what you don’t know can hurt you big time on the Internet.

In any given week I speak with 100’s of typical Internet users who generally have the same behavior characteristics while surfing the Internet in that they:

Use a search engine to locate and generate information.

Despite the fact that cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines, the typical user I come into contact with has no knowledge of current conditions, and believes search engine output to be untainted and free of potential harmful exposure to malware.

Sadly, current statistics indicate that over sixteen thousand web pages were infected with malware daily between January and June of this year; three times the rate of infection noted in the previous year. Work out the math, and you’ll find that’s one new infected legitimate website every five seconds!

More disturbing, seventy nine percent of compromised web pages tracked this year were on legitimate web sites; including web sites owned by Fortune 500 companies, government agencies and ironically, security vendors.

Trust the information they discover while online to be reliable and credible.

Rogue security software developers, for example, rely on the innate level of trust that typical Internet users’ have developed, to convince users’ to download this type of malicious software. The vast majority of typical Internet users I speak with are not aware that such a class of software even exists. But it does; and regrettably, it is becoming more widespread.

A rogue security application is an application, usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Some types of rogue security software have the potential to collect private and personal information from an infected machine which could include passwords, credit card details, and other sensitive information.

Communicate with family and friends by email.

The worldwide Internet population is now estimated to be 1.08 billion users, so the ability to communicate with family and friends has increased dramatically. Unfortunately however, cyber-crooks are well aware of the opportunities such a large number of unaware potential victims present for illicit monetary gain.

Incredible as it seems, billions (that’s right billions), of spam email messages are generated every hour through so called botnets; zombie computers controlled by cyber-criminals.

The Marshal Threat Research and Content Engineering (TRACE) report for the first half of 2008 has just been released, and unhappily it shows that “Cyber criminals are using ‘blended attacks’ to distribute malware and links to hacked websites via email on an unprecedented scale”.

Sustaining this conclusion, the IC³ (Internet Crime Complaint Center) recently stated that these types of attacks against Internet users are occurring with such frequency, that the situation can be called nothing short of “alarming”.

Yet, the majority of typical users, that I meet, are unaware of the very real dangers that spam emails hold for their safety, security and identity protection. Email scams, for example, are only one of the many dangers that email users face on a daily basis.

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational email topics.

Recently, spam CNN sensational news alerts seem to be one of the methods cyber-crooks have selected to capture users’ attention, rather than emails offering pharmaceuticals, expensive watches, or other knockoff products.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system, your money and your identity:

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments
  • Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected
Advertisements

11 Comments

Filed under Application Vulnerabilities, Browser add-ons, Firefox Add-ons, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Personal Perspective, Safe Surfing, Search Engines, Spyware - Adware Protection, System Security, Windows Tips and Tools

11 responses to “Think You’re Internet Safety Savvy? – Think Again

  1. Pingback: » Think You’re Internet Safety Savvy? - Think Again

  2. Mr. Mullins–
    Thanks to your efforts, I don’t think any of this will be “news” to your regular readers.. though the numbers might surprise them.

    I just read on Rueters:
    “WASHINGTON (Reuters) – While Web users drown in spam and fend off scams aimed at stealing their money, U.S. federal and state law enforcement authorities are doing little to resolve what has become a multi-billion-dollar problem..”

    Maybe you can tell me.. why isn’t someone (anyone) going after the disease? (We users are merely installing more and more apps to combat the symptoms.)
    Is it simply because there’s no profit in fighting the badguys?

  3. >Is it simply because there’s no profit in fighting the badguys?

    Internet equalized field internationally for bad guys but not for law enforcement.

    There is no viable solution so far… Hardware initiatives such as Trusted Platform Module look so grim that I am more willing to install virus myself than use that thing.

    Situation could be improved with global security preaching on OS level… Vista tried. And failed miserably – UAC control taught users that first thing they should disable security to not be bothered every second. 😦

  4. Pingback: Think You’re Internet Safety Savvy? - Think Again | premiumsecret.com

  5. Pingback: Betting On Tech » Think You reInternetSafety Savvy? - Think Again

  6. Pingback: Technology In Life » Kids, not Russian government, attacking Georgia’sInternet, says…

  7. Yes it’s totally out of control, and preventable. Websites can be secured, although the potential of DNS cashe poisoning is very real problem that will have to be fixed on a fundamental level.
    @Rarst UAC is a decent attempt at security and isn’t that big a deal to anyone who’s ever used a Unix based OS. UAC isn’t that different, but it could and should have been better. But anyone who turns UAC off is playing with fire. Vista’s security despite sensational headlines from some media outlets, is better than XP’s Ed Botts interview with one of the authors of the paper who found the recent exploit, shows the tech press to be little more than tabloid level journalism.

  8. Pingback: 1168

  9. Good post, It’s useful for me.I appreciate to suggest you cool download website : http://www.hothitdownload.com

  10. Jim

    Great list!

    I would say the top 3 methods of infection are:

    1. Download rogue anti spyware program

    2. Use P2P program to download infected multimedia file. Install spyware/virus through Codec.

    3. Open up a bad email file

    Antivirus and antispyware software are REACTIVE. The best way to protect yourseld is through safe surfing habits!

    http://www.spyware-fix.net

  11. Pingback: 1401