Last month a botnet infected more than four million PCs. “The way peer-to-peer is used will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky. What threats do these attacks present, and how can we avoid them?
For anyone who suffered from this attack, the threat is serious. Your private data may have been compromised, including credit card and bank account information, so watch out for money being moved unexpectedly out of your accounts. These “phishing” attacks are behind many of today’s identity theft cases.
So how can you avoid being a victim of phishing? The first, and most obvious action is to make sure that your software, especially the operating system, is up-to-date and has the latest security features installed. With Microsoft Windows, for example, you can allow automatic updates to your computer.
There are two problems with automatic updates, though. The first is that security against viruses, worms, trojans and botnets can only be supplied after the malware has been detected in the wild. In other words, until somebody else gets infected nobody knows the malware exists.
Apart from the delay this causes, the second problem is that sometimes the good guys goof. Occasionally – not frequently – the Microsoft patches cause more problems for your computer. You might do better to subscribe to a service that tests the patches before you install them manually.
Of course, that raises two more problems: first, additional delays, and second spending your own time messing around with installing patches rather than getting on with serious computing! You’re between a rock and a hard place. In case you think this only a Windows problem, malware Mac attacks have been increasing lately, so the rest of this article applies to you Apple users, too. (If you are using Windows, I suggest you subscribe to the Windows Secrets newsletter service.)
Clearly, the best idea is to avoid contracting the infection in the first place. As with safe sex, avoiding promiscuity is the most effective way of avoiding infection. Social media can be powerful, but social promiscuity is dangerous.
Facebook promiscuity is a major source of infection. Do you get requests from friends using various apps that want to connect to your Facebook data? These are often (not always) phishing attacks.
When an app asks to connect to your Facebook data, it doesn’t just mean your public data: anybody can see that, of course. No, they are looking also for your e-mail address and your Facebook password, as well as other private information, such as birth date and family members that you may have included. Since Facebook doesn’t throw away your information, any data you have ever supplied is theoretically accessible.
Given your friend list, the malware can now send out spurious phishing messages to all your friends. And if any of them respond (because they think you’re asking them to) their private data is also available. If you, or anybody you “friend” on Facebook, uses their Facebook e-mail address and password anywhere else, that data is now available to the cybercriminals: once they get in, they have everything they need to access credit card and bank accounts, for example.
So how do you protect yourself? There are a few simple steps you can take: as with safe sex, the more precautions you take, the safer you are.
The easiest step is to use a different password for Facebook than you use anywhere else. I know, this is a pain, and gives you one more password to remember, but it’s like using a condom for safe sex. You might also consider other social sites similarly, but Facebook is the one that has been most subject to attack recently.
The second precaution is to avoid rogue apps. When I get a message that wants me to use an app I’m not familiar with, I just block it. If you hover over the message, you’ll find a little “X” appears in the top right corner of the message, giving you several options, one of which is to block the app.
The third is to be careful who you’re friends with. The temptation is to be friends with everyone, but unless you have a serious common interest there isn’t really much point in making a person your Facebook friend. And anyone who keeps sending me requests from social apps I unfriend immediately.
I trust you were not hit by the recent botnet, and hope this post has given you some useful information on how to stay out of trouble in the future. Let me know if you have found it helpful. Stay safe out there, and avoid social promiscuity!