- slide 1 of 3
- Search Engine Optimization (SEO) poisoning, called blackhat SEO, which directs users to a blog, website or a link that will download malicious software.
- E-mail message attachments or links that will open a fake scanner page or download malicious software.
- Injected scripts or malicious code in a compromised website.
- Malvertisements or malicious advertisements.
- Social networking services - scammers and criminals are now using the popular social networking services, such as Facebook, MySpace, Twitter, LinkedIn, to infect end-users. The malware is distributed by sending links in a social networking message or taking advantage of bugs or security flaws in open social networking platforms. One example of such a security flaw is the XSS vulnerability that requires no interaction by Twitter users or followers visiting twitter. Merely hovering the mouse on a link sends the victim to a website with malicious code.
- Misleading websites that exploit legitimate company names or websites.
- Bundled in cracked or hacked software.
- Potentially unwanted software that has affiliation or relation to distributors of spyware programs.
- slide 2 of 3
Security Vendors Threat Reports on Malware
Why is malicious software a problem? This question is answered by many security vendors on their threat analysis reports. An example report by Sophos says, "Sophos Labs received around 60,000 new malware samples every day in the first half of 2010; every 1.4 seconds of every day, a new malware sample arrives," and the reports of Sophos include a statement, which is "Malware remains a lucrative business; and because of this, cybercriminals put serious resources behind it. One key profit-driven malware trend of 2009 was the boom in 'scareware,' or fake AV scams. These attacks prey on IT security fears and fool users into believing their computer has a problem when it does not.". You can view or download the Sophos report in http://www.sophos.com/security/topic/security-threat-report-mid2010/malware.html.
Other security vendors provide malware threat reports, like Symantec, which states in their threat report, "The number of new malicious code signatures has shown significant growth by more than doubling on a year-to-year basis between 2006 and 2008. New signature creation in 2009 continued the upward trend and resulted in a near doubling of the total number of signatures. The previous Symantec Global Internet Security Threat Report noted that malicious code being developed for the underground economy is increasingly well organized and professional. This trend is likely continuing to drive the creation of malicious software because of the lucrative nature of online fraud."
With thousands of malicious codes and malicious software being distributed through several methods with the purpose of stealing identities or money and infecting computers, malicious software is indeed a problem that even antivirus vendors have to face as well as end-users.
- slide 3 of 3
How to Prevent Malicious Software Infections?
Preventing malicious software infections is easy, if you have the right tools, correct settings, up-to-date applications and operating systems and use safe computing practices.
- Antivirus and Firewall protection - Using advanced antivirus and firewall programs helps prevent known infections and attacks on home networks or computers.
- Up-to-date Windows, Mac, Linux or other operating system software - Malicious codes often succeed through targeting applications or the OS, if the known security flaws in an operating system or program are not fixed.
- Enable the fraud and malware prevention in browsers - IE include a SmartScreen Filter that is similar to the Firefox and Opera browsers' malware and fraud protection.
- Safe computing practices - Most scammers and malware creators exploit the curiosity or lack of awareness of most users. If you are well-informed about the latest threats or security issues on the Internet or computer applications, and apply the work-around to help prevent infections or loss of private information then you're ahead of the game. Do not fall into clicking links, ads or messages unless you are sure that the sender is trusted. Suspicious emails should be deleted at once.
- Extra layer of protection against malicious software - Antivirus and firewall software is not enough protection. We need to use extra layers of protection, such as a customized Hosts file, browser security add-ons, e-mail filters and software that checks e-mails for malware infected messages or attachments.
- Avoid visiting untrusted sites or services - Downloading is fun, but if the source is not a trusted site you might end up downloading malicious software or cracked software that can pose security issues on a computer and expose private data.
- Read the EULA before installing software or using any online service - Find out if an online service or software shares or sells your private information or installs third-party software that could be spyware or malicious software. Malicious software usually provides no EULA or a blank EULA. If you see this, immediately stop the installation and scan the computer using up-to-date antivirus software. Also, check-out our EULAlyzer software review.
- Use on-demand scanners - Not all types of threats are detected or removed by antivirus programs. Try scanning the computer using on-demand or online scanners.
Image credit: Wikipedia Commons/Luc.alquier (http://commons.wikimedia.org/wiki/File:Virus_ordinateur.jpg)