Although it’s always a good idea to take security companies’ dire warnings with a bit of skepticism, it’s clear to me we must take PC and Internet security seriously. It’s not a time to “be afraid, very afraid,” but it does make sense for anyone using PCs to take reasonable precautions to protect their data, their privacy, their security and their PCs. And by “PC,” I mean all types of PCs, including Macs and Unix systems. Macs may be less of a target than PCs, but they’re not exempt, especially to “social engineering” scams that take more advantage of human error and misjudgment than technological vulnerability.
It’s also important to realize the game has changed. In the 1980s, when I started covering “viruses,” the culprits were mostly hackers out to do damage for their own amusement or bragging rights among fellow hackers. Today, the motivation is financial. When asked why he robbed banks, Willie Sutton was famously quoted as saying, “Because that’s where the money is.” Today, the money, or at least a good chunk of it, is accessible via the Internet.
Whether it’s protecting our online-accessible bank accounts and credit cards or worrying about having our PCs hijacked and turned into “zombies” or “spambots” for someone else’s ill-gotten gain, we have a responsibility to take reasonable precautions.
Symantec’s latest Internet Security Threat Report, published in March, observed “increases in phishing, spam, bot networks, Trojans and zero-day threats.” A zero-day threat is a potential attack against undisclosed or unpatched vulnerability. Bot networks are automated systems that use innocent people’s and organizations’ PCs to distribute spam or malicious code or host phishing sites. “Phishing” is when you get an e-mail that looks like it came from a bank, Paypal or some other legitimate organization asking you to confirm your identity by logging into their server and answering some questions. The phishing site – which can look remarkably legitimate – then collects your user name, password and other information you enter.
Symantec noticed a particular increase in “Trojans,” which constituted 45 percent of the top 50 malicious code samples, “a significant increase over the 23 percent last period.” Of primary concern are Trojans that download and install malicious code that can put a “back door” on your PC to make it vulnerable to even more malicious software. Like the classical “Trojan horse,” a Trojan may appear to be something good, but it’s actually destructive.
In its own threat report, security company Sophos also notes an increase in Trojans, which often consist of executable files’ “attempt to download additional Trojans,” including spyware programs that attempt to steal personal information.
One common misconception is that Americans are commonly being attacked from overseas. Although there is a global threat, it turns out “the United States was the top country of attack origin, accounting for 33 percent of worldwide attack activity,” according to Symantec. People in other countries have cause to be concerned about what’s coming from our shores. And, though businesses spend billions of dollars dealing with security threats, Symantec found that consumers “were the most highly targeted sector, accounting for 93 percent of all targeted attacks.”
One thing that Sophos and Symantec found is that much of the risk can be traced to user behavior. That’s not to say you have to do something foolish to be a victim, but there are plenty of situations where people are separated from their money or their privacy as a result of “social engineering” – trickery that gets people to do something that increases their risk. Whether it’s phishing or a tempting offer by spam, scammers have a way of getting us to take actions that are not in our best interest. Sophos, for example, found that the two leading subject matters for spam are medical and stock scams – we care a lot about our health and our money and are inclined to grasp at whatever might improve either. Surprisingly, Sophos found that pornography- related spam dropped from 17 percent in 2005 to 6 percent by the end of 2006.