2010 Malware Maladies
The picture is changing for the security landscape of online threats. If e-mail has been the dominant source of viruses and Trojans for the past two to three years, experts believe that malware that comes from Web 2.0 sites will be the biggest security threat for 2010. Because of wildly popular Web 2.0 technologies like social networking sites, hackers and phishers are looking at sites like Facebook and Twitter as launching pads for a new generation of viruses and other forms of malware. Almost a quarter of security experts that were surveyed by Webroot fully believe that such threats are harder to manage than e-mail clients.
E-mail has been getting increasingly difficult to hack. Because of the embarrassment Microsoft got for the leaky security of the Internet Explorer and Outlook tandem, the software giant has been diligent in developing patches that are made available for downloading. Other computer users may have gotten wiser. Realizing that they only made themselves vulnerable by using Microsoft e-mail software, they simply switched to other e-mail clients or use web-based mail instead.
Web 2.0 features like videos and PDF files are becoming carriers of malware. Following the aftermath of the Haiti earthquake tragedy, phishers saw an opportunity right away to make some money. Videos claimed to be footages of earthquake victims and rescue operations actually contained malware. PDF files were made to look like they were letterheads of legitimate relief agencies looking for aid pledges, but they contained javascript code that could compromise computers.
Despite the difficulties that are foreseen once these Trojans manage to take hold of the computer’s internals, security experts say that managing these threats are done essentially the same way.
For one, keeping tabs on security updates and making sure that software has been patched or updated to the latest version will have a big effect on how secure a computer will be against viruses and other forms of malware.
Aside from updating software, some companies who recognize that new threats are using Web 2.0 applications will enforce a ban on Web 2.0 sites like Facebook and Twitter on office computers. Aside from not exposing office computers to Web 2.0 threats, the companies realize they may have a big productivity boost once they filter out Facebook and Twitter from incoming web traffic. Another way companies will improve the security of their computer infrastructure is by crafting and enforcing internet use policies. Not all companies have these policies, but for those who did, most were able to cut down the threats that pounded on office networks.
Companies can also use a different PDF reader other than Adobe Acrobat. Â Foxit Reader can open up PDFs but do not allow code execution. There are tradeoffs of course when one chooses non-Adobe software for reading PDFs. There could be a loss in fidelity and some small changes in layout will happen, but for those who have been attacked by Rogue PDFs, better security could be well worth the switch.
Another company realized that most malwares and viruses execute in 32 bit environments. By switching to newer 64 bit operating systems, they found that most viruses did not work that well.
While Web 2.0 threats will be more dominant this year and for the years to come, the techniques to secure computers are still the same. Updating software, applying patches, and keeping current anti-virus definitions will still all help in preventing the spread of this very 21st century malaise.