Malware Gets More Clever

By Peter Varhol

Not too long ago, using anti-virus software with regular updates and not downloading executable files from suspicious Web sites was enough to protect you and your computer from the harm of malware. You had to be careless to get infected with a virus.

Today, however, it’s a far different story.  Purveyors of malware are no longer disaffected programmers looking to be acknowledged for their talents.  That sort of belief causes us to underestimate both their capabilities and their intentions.

Instead, most malware authors are members of sophisticated criminal enterprises, seeking not proof of their skill, but rather electronic fraud or theft.  Many work from other countries, and can’t easily be identified or traced.  The result is that it has become more difficult to identify an attack, and the stakes are far higher than in the past.

It is more likely that any malware attack will target more than simply your operating system.  Rather, an attack will target any financial accounts on your system, or other resources on your network.

Even legitimate Web sites aren’t immune. It’s not that Web developers are fooled into providing malware as downloads to visitors’ computers, but rather that it is relatively easy for professional hackers to gain access to those sites for their own purposes. Web sites often aggregate links from different sites around the Web, and it becomes possible for attackers to plant files on one of those sites, which are then unknowingly made accessible by the legitimate site. It is also possible for attackers to place malware inside otherwise perfectly legitimate downloads.

And it is increasingly difficult for virus checkers to identify these types of malware.  Part of the problem is that these files are able to hide within other programs that are not generally harmful.  Another reason is that they aren’t necessarily packaged as executable files any more.  Rather, they can come as text files with JavaScript and use the browser JavaScript interpreter to provide the execution engine.

Perhaps the most important way these rogue programs work is through trickery.  They can look like legitimate downloads from legitimate Web sites.  When a site asks you to download the latest version of a utility that you use, or patch the operating system or an application, the download may well be something else.

How does today’s malware work? It doesn’t delete operating system files, or even benignly spread itself to other computers through your email. Rather, it looks for passwords and account numbers for your or your company’s accounts, or it searches the network for proprietary information or industrial secrets.

The upshot is that neither your virus checker nor your operating system will tell you that you or your employer have been attacked. You won’t know until your financial accounts are compromised, or your company secrets are in the hands of a competitor.

What can you do to protect yourself and your computer?  Consider these three steps:

  1. Use Microsoft Windows Update, or Microsoft’s enterprise update manager.  Files loaded here for update are legitimate Microsoft files.
  2. If your application vendor offers an update from its Web site, confirm with its technical support that the update is legitimate before downloading.
  3. Don’t download any third-party file from any Web site.  If you can’t go to the original source of the file, you can do without it.

These practices won’t guarantee the security of your information, but they will go a long way toward safeguarding it.

About Peter Varhol

Contributing Editor Peter Varhol covers the HPC and IT beat for Digital Engineering. His expertise is software development, math systems, and systems management. You can reach him at DE-Editors@digitaleng.news.