Valentine’s Day – Malware Love Is Coming Your Way

From the – here we go again files. Love in your inbox – malware on your computer.

Like clockwork, spammers and cybercrooks ramp up the volume of Valentine’s spam emails aimed at unsuspecting users – every year – starting just about now.

You know the ones –  “Falling in love with you”, “Sending you my love”, “Memories of you”, “I Love You Soo Much” …………. (saccharin sells I guess    ). Since cyber crooks are opportunity driven, you can expect much more of this type of cybercriminal activity again this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. You get them so often, that you just automatically click on the email attachment without thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting emotions. The fact is, we’re all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, many of us find it difficult, if not irresistible, to not peek at love notes received via *email.

The reality.

The truth is, these emails often contain links that deliver advertisements – or worse, redirect the victim to an unsafe site where malware can be installed on the soon to be victim’s computer.

Would you be fooled?

A couple of years back, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. Clicking on the link led him to a site which had a graphic of hearts and puppies – and of course,  the teaser.

Luckily, common sense prevailed and he backed out of this site. If he had clicked on the teaser, he would have begun the process of infecting his machine with a Trojan. A Trojan designed to connect to a remote command and control center.

Unfortunately, being smart is often NOT enough to protect yourself. At a minimum – make sure you have an effective security solution installed; capable of detecting both known and new malware strains.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them – they could take you to a web site designed to download malware onto your computer.

* Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc..

Google Gives Users The Finger One More Time

The Internet is one kickass place – survey after survey continue to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel. And Google, the “Do No Evil” company has just made it easier for the bad guys to take aim at you, and me. Read on.

As I reported in March of last year – Search Engine Results – More Malware Surprises Than Ever!

Cyber criminals have bumped up the level of search engine malware.

One in five search topics lead to malware…………

Google search results produced 38 percent of overall search engine malware.

Luckily, those users in the know – were aware that steps could be taken to mitigate the risk of an infection transmitted through a bad search engine result. The tool of choice – one I have long recommended to regular readers here – has been WOT (Web of Trust).

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

You can now scratch the reputation icon associated with the Google ads shown in the previous screen capture. Here’s the bad news. Google has reversed course, and no longer (as of April 13) allows a reputation assessment icon (in other words – a SAFETY assessment icon), to be displayed on Google sponsored ads.

According to WOT – “Due to Google’s policy change, WOT and some other similar tools can no longer show reputations for sponsored links on Google’s search results, or elsewhere on Google ads.”

In the following screen capture (taken today), you’ll notice WOT’s reputation icon (the green circle), attached to generic search results. You’ll also notice, on the TigerDirect (a Google ad), a reputation assessment is no longer available.

In my view, Google can take its “Do No Evil” motto, and “shove it where the sun don’t shine”. No matter the reasoning behind this move – the net result is, Internet surfers are at more risk than they were last week. Tell me that’s not EVIL!

A big “thank you” to regular reader Michael F. for the heads up.

Web of Trust (WOT) And Facebook Collaborate To Protect Users From Malicious Links

If you’re a Facebook user and you haven’t met a cybercriminal yet; hang in there – you will. Survey after survey continue to show that cybercriminals are picking off Facebook users as if they were shooting fish in a barrel.

Most cybercriminal schemes on Facebook are outrageous. But the bad guys know, that even the most outrageous schemes stand a better than average chance of being successful when targeted at Facebook’s largely unaware, and unsophisticated, user base.

With the collaborative effort announced today by Facebook and Web of Trust, WOT will now provide protection against dubious and malicious web links, that Facebook users continue to be exposed to. When a Facebook user clicks a link that leads to a page with a poor reputation rating as defined by the WOT community, Facebook will show a clear warning message.

Click on graphic to expand to original.

The plan is to roll out to US users 100% on May 12, and then the following week, after the translators have time to finish their work, roll out globally.

A quick reminder:

WOT’s Browser add-on users see reputation icons on Web sites, Google search results, email links, Twitter, as well as shortened URLs. WOT ratings are recalculated every 30 minutes to ensure users have the freshest and most reliable information. The free WOT add-on works in all web browsers and can be downloaded here.

You can read a full review on the benefits of adding WOT to your Browser here on this site – WOT (Web of Trust) – Is It The Most Important Browser Security Add-on You Need To Install?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

WOT Beta for Social Media – Facebook, Twitter Protection And More

WOT (Web of Trust), has just raised the Internet security bar a notch by releasing a Beta version of their award winning Browser add-on which will provide protection against cybercriminals in a number of their favorite hunting grounds – Facebook and Twitter.

Hopefully, WOT’s reputation icons on links in Facebook, Twitter and additionally for shortened URLs by most popular services, such as bit.ly and t.co, will help thwart some of the most outrageous criminal schemes perpetrated on unaware social networking site users.

At the moment, the beta of WOT for social media is available for Firefox only. But, be quick – there are only 1000 preview downloads available!

Download the beta version of WOT for Social Media here.

According to WOT – “The new WOT version will be released in a few weeks for general WOT users, and newcomers.”

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Comment Spam Is Dangerous BS!

If you’ve ever wondered why comments on this site, and many other sites for that matter, are held for moderation by a site administrator, the simple answer is – comment spam, and the need to control it.

Without a doubt, comments are an important part of the mix for a technology site. Comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, comments are not without their share of issues; with comment Spam, in my view, being a significant problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam comments. Recently however, I’ve seen a major increase in the amount of comment Spam.

The following comment spam (full of praise – like many are), is just a small example of the type of nonsense Spam I deal with daily. (click on the screen capture to expand to original size – 1280 x 589).

Take a look at this one, and try to imagine the type of creep who would submit this as a comment.

Hard as it is to believe, there are many sites that rely only on a Spam filter to sort out the wheat from the chaff. Unfortunately, this complacency can lead to the posting of comment Spam that contains dangerous links. Links, which if followed, can lead to a malware site – guaranteeing a very painful experience. The comment shown above, for example, contains a number of malicious links.

Some advice:

Be cautious when following links contained in comments on any web site.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Be cautious following links on web forums. Forums can often be a source of dangerous links.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Twitter, Tweets, Cyber-Criminals And You

I like the idea that technology makes it easier to stay “connected”, but Facebook , Twitter and the like, take that connected feeling well past my comfort zone. While I do have several Twitter accounts, those accounts are dedicated to professional tweets only.

Despite my personal reluctance to be “hard connected”, I can certainly understand the attraction of social networking – particularly for the “wired” generation. I have no problem accepting that the social relevancy of Twitter and Facebook, is substantial.

Although, I must admit, I fail to see the social relevancy of the inane “look at me” tweets, posted to Twitter by celebrities like Demi Moore, or Ashton Kutcher. I’m just not driven by the paparazzi mentality, I guess.

Despite the obvious benefits of social networking, these sites are not without risk. Twitter, Facebook and other social networking sites, are now a veritable snake pit of nasty socially engineered malware attacks.

The “wired” generation, who are anything but “wired”, in my view, when it comes to good security practices, have taken their inadequate security habits over to Twitter, Facebook, and elsewhere. As a result, social networking sites have proven to be a gold mine for cyber-criminals.

Not a day goes by, where I don’t report in my Tech Net News column, on another virus, worm, or Trojan, targeting Twitter and Facebook users. Despite constant warnings NOT to click on embedded links, or respond to social network generated emails, a considerable number of users blithely ignore this critical advice. Go figure!

On balance, social networking is a good thing – it’s opened new doorways of opportunity to stay connected. But, with those positive opportunities, comes a new set of opportunities for cyber-criminals. Now, more than ever, if you are a social network aficionado, you need to be aware of the risks.

Minimum social networking safe practices:

Don’t let your guard down – assume every link in Twitter is potentially unsafe – including links from friends.

Be particularly cautious of shortened URLs.

Don’t trust social network e-mails – including emails that are purportedly from Twitter support.

Be aware that a single wrong click can lead to a drive-by-download infection.

It should go without saying that you must keep all applications (including your operating system) patched.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

An additional key point offered by my Internet friend Georg L. – Do not use any e-mail client like Outlook, Outlook Express, Thunderbird, or others. Instead, rely exclusively on the webmail facility of your service provider, even if this is less comfortable. In this way, e-mail cannot be misused as a vector for malware, because nothing is downloaded to your computer in the first place. By going without an e-mail client, you also save computer resources.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Bryan Keller’s Web Design and SEO Primer

Guest writer Bryan Keller, gives you the lowdown on how you can improve, not only your web site or blog’s visual appeal but, how SEO (search engine optimization) properly utilized, can drive more readers to your site.

SEO, which stands for Search Engine Optimization, is the process of optimizing one’s website to improve the position in which the website will appear within the search results obtained from a search engine based on specific keyword phrases.

The exact formula for achieving this result effectively and efficiently is a much talked about and debated issue.  However, there is at least consensus on the basic approach to improving position and for anyone who owns an online business it is just about imperative to follow these basic techniques for there to be any hope of appearing somewhere on the first or second page of Google, Yahoo, or Bing.

First, foremost and most important is the basic design and structure of the actual website itself.  A carefully planned out, user friendly, logical, and straightforward landing page or home page is essential.  In addition, maintaining a structured, easy to navigate, uncluttered and not overly complicated web design results in lower bounce rates.

It is very useful to actually layout the design of the website on paper before any computer design work even begins.  Using a graphical flowchart also greatly helps keep things organized and makes the design much easier to understand for anyone who will eventually be involved in the design, coding or implementation of the final project.

A flowchart is basically just a simple graphical representation utilizing directional lines, graphical symbols and pointer arrows that is utilized to depict the design characteristics of a websites menu-flow, page-order, and logic path.

In designing the website keep in mind that as much useful, high quality, informative, data about the business or industry the website is focused on should be included throughout the site itself.

A glossary of terms that relate to the industry the website specializes in would be a good place to start.  Another very useful inclusion could be a FAQ (frequently asked questions) page that describes in detail the most common questions relating to the website’s area of business, with descriptive answers.

When it comes to SEO, there can never be too much information included in a website as long as it is all completely original unique content (unless references are duly noted).

Original content means copying pages of data from the Wikipedia, or using content pages found on other websites or even ‘lifting’ excerpts of content from other websites simply will not work.  Plagiarized content ‘lifted’ from other sources without express consent can also be a source of legal concern.

This is one place where Google in particular, is very good at detecting copied content and will give no SEO advancement for such material included in one’s website.  If a business owner is not able to author original content themselves it would be advisable to hire someone to write original content for the website.  Original content is just as important if not more important than any other aspect of achieving good SEO results.

Additionally, there are many so called ‘article submission’ websites that are available to host uploaded content articles written about almost any subject.  As a matter of fact it is very possible that you may be reading this article on an article submission site at this very moment.

The purpose, in SEO, to the process of uploading and submission of articles to these types of websites is twofold:  first, popular article submission sites have thousands of guests each day which is a huge potential market for readers of the submitted articles and second, as an author one is allowed to create a signature that can include a link that directs traffic back to the website of the author’s choice.

This brings us to the topic of links, and more specifically ‘backlinks’.  The term backlink refers to a hypertext link, which is located on an external website that links, references, or points back to one’s own website.  A ‘backlink’ is made up of two parts: 1. The ‘URL’ of the destination site (or the site the link is pointing to), and 2. the ‘anchor text’ which is made up of the ‘keyword phrase’.  An example of a ‘backlink’ written in html code would look like the following:

<*a href=”http://www.yourwebsiteurl.com

“>Your Keyword Phrase<*/a>

When displayed this link would appear as:

Your Keyword Phrase

‘Your Keyword Phrase’ would be an active link pointing to the ‘url’ that follows the ‘href’ in the link statement above. (Please be sure to remove the asterisks – I used them only to prevent the link from becoming active.)

In the early days of the Internet backlinking was the holy grail of SEO.  One merely needed to acquire many, many links pointing back to one’s website to achieve a very high position within the result set of a search engine.  At that time it was mainly just the quantity of backlinks that determined a websites PR and not the quality of the incoming links.

Those days, I’m afraid, are long, long, gone.  The search engines are much ‘smarter’ today and the number of backlinks is not nearly as important as the ‘quality’ of the backlink in determining whether or not the backlink will provide a benefit to SEO at all.

To prevent the misuse of link farming and other types of link manipulation the use of the ‘no follow’ attribute has been implemented.  When the use of the ‘no follow’ attribute is applied to a link it directs the search engine to award no PR or ‘PageRank’ (PageRank will be explained in a moment) benefit to the landing site no matter how high the ‘PageRank’ of the referring site may be.  This has been successful in helping to reduce the amount of spamming and ‘spamdexing’.

Other methods that were once popular but are no longer effective include:  keyword stuffing, the use of hidden or invisible text, the use of unrelated hidden content with high search volume, and Meta tag stuffing.  If you are solicited by a business that mentions any of these techniques as a means to improve your SEO be sure NOT to do business with them!  None of these methods work at all anymore.

At this point it becomes necessary to discuss PR or PageRank.  PageRank is the method of grading a websites ‘authority’ or importance on the web and the process was developed primarily by researcher Larry Page (hence the name ‘Page’ Rank) at Stanford University as part of a research project.

Page and another researcher named Brin later founded Google and took the technology with them and it is still the basis of the Google search engine and search tools to this day.

A website’s PageRank is a numerical weight ranging from 0 to 10 that is assigned to a website based upon, among other things, the quantity of and the PageRank of the external websites that link in or have inbound links that refer to the target site.  A website that has many inbound links from websites that have high PageRank themselves will in turn be given a high PageRank as well.  According to Google’s website the PageRank is calculated by ‘considering more than 500 million variables and 2 billion terms.’

Needless to say, trying to understand an algorithm this complex exactly will never be possible but there are still many things that can be done to boost a sites PR and help improve its placement in search engine results.

We have discussed the importance of a high quality website design, the need for very informative original content, article submissions, backlinking and PageRank.  This would be a good time to begin discussing the process of determining keywords and keyword phrases.

Selecting the correct keywords and keyword phrases to focus the SEO efforts on can determine whether or not it will be possible to successfully achieve the intended result.  It is very important to take the time to do some research on competition and keyword popularity.

In general the most common terms that describe a business would be the best place to start.  For instance if you own a business that provides roofing contracting services keywords that you might consider focusing on might be ‘Roofing Contracting’ or ‘Roofing Contractor’.

Google provides a tool that displays the average number of searches for selected keyword phrases.  You can find this tool by searching Google for ‘keyword tool’.  After entering the keyword or keyword phrase and pressing the ‘search’ button a page of results will be displayed that indicate the number of times the particular keyword(s) has been searched for on average each month.

Also displayed are many other similar phrases that most closely match the keywords that were searched for.  Take the time to scroll through this list and many good alternative phrases can be found in this way.  Choosing the phrase that has the most searches and most closely matches the website’s line of business is a solid practical approach.

Guest writer Bryan Keller:

I own a Computer Repair and Data Recovery business in San Antonio, TX, San Antonio Computer Repair. I spent 10 years in database development. I am now also providing Website Development, Hosting, and SEO services. We use the Joomla CMS.

Altogether, I have been involved in computer programming for over 30 years. I was a self-taught programmer back when the ‘Atari 800’ was all the rage! I had an Atari 800 with 16 kilobytes of ram and a 6502 8-bit processor that ran at 1.7 MHz, no hard drive and a 5 1/4 inch floppy disk that stored just 180 Kilobytes of data. Of course there was no internet but we had the dial in bulletin boards that we connected to at 300 baud. lol.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Follow the Link and You “Takes Your Chances”

Regular readers on this site are aware, that virtually all downloads I recommend, are linked to CNET (download.com).

There is good reason for this – CNET scrupulously audits hosted downloads and linked sites, to ensure they are not contaminated by malware.

But links on Blogs can be a special problem for surfers – particularly links contained in comments. Don’t get me wrong –  comments are an important part of the blogging mix.

Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam (some containing malicious links), being the leading problem.

Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook, and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a good job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam.

On this Blog, Akismet routinely captures about 90% of spam comments, according to my blog stats. In real number terms, Akismet has captured in excess of 60,000 spam comments here, in the past two years. But what about the other 10%? – some of which will contain malicious links?

As a matter of policy, I test every allowed link included in a comment, for safety.

Regretfully, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which are highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – any time I write on registry cleaners I can expect the following comment, (shown in the following screen capture), or one like it, to show up.

This comment included a link, to a free application, which supposedly is superior to the free application I recommended in the article.

The comment itself looks harmless, but if I’d allowed this comment to be posted (and I’ve seen this comment published many times over, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, here on Tech Thoughts, 10 or more comments (thankfully picked up by Akismet), contain malicious, or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Yahoo Instant Messenger Under Attack Again or Still?

A new variant of an old Yahoo Instant Messenger Worm spreading fast.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users who want real-time computer contact with each other, and so, they form a perfect attack vector for malware distribution.

Symantec, along with a number of other security providers, are warning users of Yahoo Instant Messenger specifically, they are being targeted by a new variant of an old IM Worm, identified by Symantec as W32.Yimfoca.

(Graphics courtesy of Symantec)

If you are a Yahoo Instant Messenger user, you need to be particularly cautious, at the moment, in saving what appears to be a JPG or GIF file, but in fact could easily be this malicious executable.

This threat drops a worm which will lead to the attacker taking control of the victim’s computer. Additionally, the Worm is programmed to attack those in the victim’s contact list.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

Click here: “Keep Your Kids Safe With Free Parental Control Bar”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.