Friday, January 20, 2012

Biggest Malware Threats To Your PC in 2012

2012 is already shaping up to be pretty messy from a computer security perspective. Not only are computer virus attacks up 60% compared to this time last year, but more alarming is the severity of these infections. So what viruses and malware should you be looking out for in 2012? At this time, the climate for attacks is simply brutal. Based on what we've seen and read since late 2011, if the rate and volume of attacks continue, 2012 won't be pretty. Widespread spam-driven attacks, social media scams and plenty of malware look to be on the table for 2012. I've come up with what I believe to be the top 5 threats to keep this article succinct.
So, with that in mind, read our top five threats to watch for in 2012.
Using  legitimate websites by which to stage attacks
The continued presence of  vulnerable Web site code - particularly, vulnerable Word Press blog plug-ins - are going to turn into a big problem in the near future. This coupled with a flood of other malware blazing across the web means we’ll see a lot of sites get hacked in the coming year and used to redirect victims into an exploit kit.
The plug-in vulnerabilities permit malware guys to upload their code onto someone else’s Web pages; Keylogger malware, such as Zeus/Zbot, just rips saved FTP passwords and other stored credentials and ships them directly to People You Don’t Want In Control Of Your Web Site.
It’s already happening, with attacks propagating against other vulnerable code, and the results have been pretty scarily effective. Most of the code we’ve seen uploaded to legit sites redirects the browser into the maw of one or another exploit kits.
Exploiting Vulnerable Web-Browser Plug-ins
Are you using those cool plug-ins that make web-surfing easier? From what I’ve been reading they’re the next gateway for malware. It all starts with Javascript and ends within a few minutes with the victim’s PC owned and the victim’s passwords in the hands of some overseas stranger.
It couldn’t get any more obvious that you need to act immediately. Update Flash, Acrobat, Office, and other vulnerable applications today, right now. Disable Javascript within PDF documents in your PDF reader’s preferences. And at least for the time being, the safest thing to do is to uninstall Java from any system you control, at least until a patch gets released to address CVE-2011-3544.
More Spam? Yep
As ridiculous as some of the spam campaigns this year have been, they must be effective, because the bad guys haven’t spared a moment for months coming up with new and innovative social engineering tricks.
If the spam we’ve seen is any indication, malicious spam we receive in 2012 will come in every available delivery method - email, social networks, IM - and continue to take every conceivable form: shipping confirmations, missed deliveries, reversed credit warnings, utility bills, credit card statements, complaints about you to the Better Business Bureau (whether or not you operate a business), online order confirmations from small boutique etailers, bank statements, electronic funds transfer rejection notices, poorly-spelled ‘friend notification’ emails from a wide variety of social networking sites.
Smartphones and malicious apps
I don’t want to leave the mobile world out of the fun list. The sheer volume of copycat Android malware coming out of, in particular, China is just astonishing. There are whole Markets hosted overseas just rippling with malicious badness, as well as ripoff artists on this side of the pond trying to scam whatever they can.

No comments:

Post a Comment