Most end-users are confused when their PC's become infected with Mal-ware/Spy-ware/Virus software, and they were only browsing the web for work and doing nothing out of the ordinary. Unfortunately on today's Internet, being cautious does not always equate to being secure. There are many areas of the web which contain mal-ware and spam. Even the common, or well-known sites are being used to distribute malicious software and phishing attacks.
In the second half of 2009 the web saw a 225% increase in malicious websites; more frightening is that 71% of the sites that were found to contain malicious code were legitimate sites which had been compromised. Hackers are now using Search Engineer Optimization (SEO) to boost the ranking of their mal-ware sites in your search results, making it easier to believe they are legit sites. Botnets are utilized to inflate search rankings. As soon as a trend towards the latest hot topic is discovered (i.e. Super Bowl, Tiger Woods, etc.), botnets are instructed to artificially boost the malicious site's ranking for that search topic.
Worse yet, hackers are increasingly injecting malicious code in websites that already appear in the top 100 search results and are often considered safe or trusted by end-users. Often "bad-links" are being injected via user-submitted content such as news items, posts, and comments.
Email traffic still consists of mostly Spam (85%), but 81% of that now contains links to malware. With increased social trending being used against us, how does your average user avoid becoming a victim? Some simple rules still apply:
1. Have a corporate firewall (such as a Sonicwall) that blocks mal-ware/viruses. Ensure this hardware is configured properly and up to date.
2. Run and maintain local virus protection software (such as Mcafee ASP). Though at best these products are only ~70% effective, they are a vital layer in protecting your PC.
3. Keep Windows, Office, and Internet Explorer up to date with any patches that are released and approved by your IT provider. This applies to any 3rd party software as well
4. If possible, do not have local administrative rights on your PC. Use a dedicated admin account for installations as needed.
5. Advanced users may also want to try web browsing with a 3rd party browser such as Google Chrome, Firefox or Opera. Often Internet Explorer is necessary for web applications, but not for day-to-day browsing.
References: http://www.websense.com/content/State-of-Internet-Security-Q3-Q4-2009.aspx?cmpid=prblog
Comments