I don’t think it is a secret that the Internet is slowly becoming less safe. There are more threats now than ever before. Unfortunately these threats are also becoming more dangerous. Malicious users have grown up and are no longer interested in crashing systems – instead they want to sell your information to get money (to get prostitutes with?). They are using spoofing and cloaking to trick users into installing software or to type in their passwords on some copied page, all without anyone knowing.
Malware
Malware, and in particular spyware, will always be the biggest threat. The reason it will always be at the top is due to the fact people love free junk, and hackers take advantage of that as much as possible. One of the newer tactics is to try and install a codec needed to play some video (usually porn), and instead install some icky virus or spyware. Go on any Digg comments page about a celebrity and there will be tons of links to such video files.
When I first heard about this new tactic the first thing I thought was “wow, it’s about time they do that.” For years and years I always wondered why no script kiddies did it – even though it would be so incredibly easy to do. Simply claim you have a video of Paris Hilton and Britney Spears doing topless dances together (don’t know why anyone would want to look at that, they are both ugly), trick some idiots into installing a “codec”, and boom, you have control. So simple, but so effective.
Another similar tactic is to disguise a virus as innocent software (a bit of a Trojan horse). A perfect example of this is WinZix. I have not tried it, but from I have heard (from forums and friends) it installs some nasty, hard to uninstall adware. Basically WinZix is a program you need to uncompress .zix files. They are generally hidden behind a .rar or .zip file, so you won’t know about it until after you spend hours and hours downloading the stupid thing.
Phishing
While the threat of some new viral outbreak is always at the top of the “Internet threats” list, the risk of losing your identity from phishing is a close #2. More and more malicious servers, are being set up in an attempt to steal your information. You might think you are on Pay Pal, but are you? How do you know whether or not you are? The easy way is to look at the URL, but will that trick always work? Give it time, malicious users will find a way to trick the entire DNS system and forward domains to bad servers.
In addition, I believe the openness of many public and private WiFi networks is practically an invitation to steal users’ information – it’s like waving your wallet in the street and yelling “hey criminal, come here and steal my info!” Just a tip: use open WiFi for simple things – not for transferring cash on your bank’s site or on PayPal.
Spam
No Internet threats list is complete without spam. Spam can come in many forms, can be sent several ways, and it can even help spread viruses and assist in the theft of innocent Internet users’ confidential information. Odds are if you read this blog you are a blogger, or you are at least interested in the art of blogging (or, maybe neither) – so I won’t spend any time discussing comment spam. However, I will discuss something that is often overlooked – e-mail spam, and more importantly, e-mail spam with spoofed addresses.
As I have said in many previous posts, it is incredibly easy to spoof an e-mail address. In fact, all you have to do is change one setting in your e-mail client and you too can send a message from any address (assuming your SMTP server supports it, which most if not all do). The root cause of this problem has to do with the e-mail architecture itself. Currently there is no real way to prevent e-mail spoofing beyond SMTP server rewrites. I do have some ideas on solutions, but they belong in a post of their own. For now, I’ll simply say, don’t ever totally believe the “from” address on an e-mail. Until everyone learns to distrust that header entry, people will continue to be taken advantage of by phishers.
If it is a message about your parent’s dog, fine, but if it contains a link to some program on an unknown site or has a program as an attachment, a little bit of caution is warranted. I’m not saying every user should be paranoid and think everyone is out to get them (run run run, as fast as you can, you’ll never catch me, I’m the gingerbread man!), I’m simply saying you should be careful.
Conclusion
So, those three items are the top Internet security threats of 2008. It’ll be interesting to see if the Internet has less spam and malware at the end of the year, but I suspect it won’t. The best way to stay safe is to stay educated. Even knowing how to tell the difference between a real site and a spoofed site can go a long way towards keeping your identity safe.
And remember, most likely your computer knows more about you than you do. It knows what you are interested in, it knows what your crazy fantasies are (please don’t share them!), it knows your passwords, your bank account numbers (please share them on here! … just kidding), etc.
Please subscribe, or else I will cry. Do you really want to make a programmer cry?
March 2nd, 2008 at 3:23 pm
I honestly hate all of the above. Please…Destroy it?
I look forward to reading more of your content.
Keep up the good work.
If you want some cool Wordpress Plugins, check out my blog…
Brad @ Brad Blogging.com
March 2nd, 2008 at 5:44 pm
Thanks for your thoughts, Brad.