The web is a fountain of information, a busy marketplace, and thriving social scene for those of who choose it to be so. While online criminals are nothing new, their methods and tendencies to undertake stealthy attacks on ordinary Web users are evolving in ways that can be hard to stop without the correct knowledge. In today's online world, hackers are lacing Web sites, sometimes even legitimate ones, with malware designed to secretly and silently infiltrate our PCs to steal sensitive personal information and also turn our the computers into tools that can be used to send more spam and malware onto the Internet. So without further ado, here are some basic tips for protecting yourself online from these faceless criminals.
1. Protect Your Web Browser
The most direct line of attack between the internet and your computer is the browser installed on the PC. Flaws found in browsers are one of the oldest techniques that online criminals have been using. These browser vulnerabilities download malware onto computers using hidden download methods that users will never notice and can't possibly know exist. Internet Explorer and Mozilla Firefox are the most targeted browsers due to the fact that they have been the most widely available and consequently are the most popular among users. Be sure to download updates for your browser regularly and you can be relatively sure that you are surfing safely.
However, your computer can still be exposed to malware in the time between a discovered vulnerability and the implemented security fix. In cases such as these, it is recommended that you use security software in conjunction with regular browser updates, especially if you are a Windows XP user. It would also help to use a more obscure browser such as opera or chrome, both of which are newer browsers on the market and don't have the same popularity as Firefox and IE.
2. Get Adobe Updates
Most consumers are familiar with Adobe Reader, which opens and reads PDF files, and Adobe’s Flash Player for its prominence in online web games. In recent years, a virtual epidemic of attacks has flooded Adobe attempting to exploit their security flaws. Nearly half of these attacks today come hidden in PDF files which will infect a computer as soon as its opened. The beauty of this kind of infection method is that no matter what kind of browser you might be using, its almost a sure thing that you're using Adobe Reader and Adobe Flash Player. The good news is that the majority of people getting infected via Adobe are running old, non-updated versions of their software, much of which has glaring security holes. Nowadays Adobe attempts to update automatically and it is as simple as following a few simple steps. If you would like to make sure your software is up to date, all you have to do is manually update Adobe.
To update Reader, open the application and then select the “Help” tab and click “Check for Updates” from the menu bar. After a few moments Adobe will determine if your software is up to date and if not it will prompt you to download the latest version. Since April 2010, Windows users have been able to choose to get future updates automatically without additional prompts by clicking “Edit”, then “Preferences”, then selecting “Updater” from the list and checking “Automatically install updates.” Mac users have a similar option available to them but Apple will require that they enter their password each time an update is installed. Adobe has elected not to allow silent and automatic updates due to many people being adverse to them.
3. Beware Malicious Ads
An increasingly popular way to get attacks onto trusted websites is to slip them directly into advertisements, usually by tricking smaller advertising networks. This practice has come to be known as Malvertising, which typically exploits software vulnerabilities or sends deceptive and harmful pop-up messages to the user. The most well known version of Malvertising, and one you've probably personally encountered, involves an alert that a malicious virus has been found on the computer, followed by urgent messages to buy the necessary software to remove it. Of course, there really is no harmful virus and the security software, called scareware, is nothing more than fake. This method is simply a ploy to get credit card numbers and a few quick bucks at the expense of a gullible person who believes the message they are seeing is a genuine notification from their system. Currently scareware accounts for half of all malware delivered in advertisements which has increased five times since last year.
Closing the pop-up or killing the browser will usually end the episode, but if you encounter this scam, be sure to check your PC with trusted security software or with Microsoft’s Security Essentials. If you are unlucky enough to have picked up a nasty virus, don't sweat it. Microsoft cleaned scareware from 7.8 million PCs in the second half of 2009, up 47 percent from the 5.3 million in the first half, the company said. My personal favorite for eliminating threats garnered from the web is called Malware Bytes.
4. Poisoned Search Results
There is an online phenomenon on the web called Search Engine Optimization (SEO) which is a technique that raises websites to the top of search engines based on keywords alone. Online criminals are also using this technique to manipulate search engines results into placing malicious sites toward the top of results pages for popular keywords. Typically these malicious sites embed popular keyword to try to distribute scareware to those unlucky enough to visit. Luckily search engines like Google and Microsoft’s Bing are doing their best to detect malicious sites and remove them entirely from their indexes. There are free tools available online such as McAfee’s SiteAdvisor and the Firefox add-on called Web of Trust which can warn you about potentially dangerous links.
5. Antisocial Media
Attackers also use e-mail, instant messaging, blog comments and social networks like Facebook and Twitter to trick people into visiting their websites or downloading malware. It's always better to be safe rather than sorry when dealing with suspicious messages or friend requests, especially in today's day and age. Phishers are trying to steal your login information so they can infiltrate other accounts, impersonate you to try to scam others out of money, and of course gather personal information about you and your friends.
One of the most rampant variants of these AntiSocial Media attacks have come from the Koobface worm and its cousins which have been taking aim at users of Facebook and other social sites for more than a year. The attack usually begins with the promise of a hilarious and never before seen video which prompts you to download a fake multimedia-player codec which is required to view the video. If you do happen to download this codec, your PC will become infected with malware and assuredly become part of a botnet which spews spam and malware across the four corners of the Internet.
Despite all these great tips for keeping you safe on the net, the most important aspect involved in keeping your computer safe from malware is to have a healthy dose of suspicion when browsing. Online criminals are using increasingly sophisticated methods to prey on the unsuspecting and your best defense on the web may just be your gut instinct.