Avoiding Malware 2.

Your Antivirus, Firewall and Spyware defense software do a great job stopping 3% of contemporary Internet “Malware” attacks but they won’t stop the other 97%. That’s your job.

They are known as “Malware” but many of us still call them “viruses.” Strictly speaking, computer viruses are destructive programs that replicate themselves, eventually filling the hard drive and killing the computer. Twenty years ago “viruses” were created for the purpose of sabotage, mostly by twisted, smart ass “New Age” Luddites simply for the fun of seeing how much havoc they could wreak. Today the Luddites are history, “Malware” is all about money and you can’t make money by killing computers.

97% of all “malware” attacks are accomplished through “Social Engineering.” This is a broad term for the means that malware employs to con a user into performing some action that enables the malware to achieve its purpose. They get users to serve as a tool of their own destruction through a sophisticated understanding of human nature. They appeal to your personal likes, dislikes, fears, greed, sympathy, compassion, paranoia, lust or perversion.

Teams of highly skilled criminals create these sophisticated “social engineering exploits.” Once inside your PC the “malware” sets about achieving its assigned tasks using your OS (operating system) and hardware. Its tasks may be to make you a target for ads, guide you to unwanted sites, report your browsing habits, mine your keystrokes for passwords and other personal data, establish your PC as a “robot” in a criminal network known as a “botnet,” use your e-mail account, steal your identity or simply extort money from you.

The way they get you to help them is often very clever. They may impersonate your bank, credit card issuer, E-mail service or a trusted source like Adobe or Microsoft. They may ask you to update your security information, click on a link or contact them by phone. They may contact you by mail or phone requesting that you return their call or click a link. They may contact you by an Email from a trusted friend or an official notice from the IRS, DOJ, FBI, DHS, ICE, CIA or any State or local law enforcement agency. They may contact you masquerading as your water, telephone or electric utility, cable or internet provider. You may get a notice by phone or on screen that “Windows” wants to help you with a computer problem. You may get an Email appeal from a dear friend who has been mugged in Istanbul or Timbuktu and needs money. Then there is the widow of a Nigerian prince who needs your help in getting $35 million out of her low rent country. All she needs is your bank account number and password and you get to keep half the money.

Who falls for this kind of stuff? You would be amazed. Perhaps only one person out of ten thousand will respond to a particular exploit, but if they send out a million copies they’ll get a hundred victims. There are thousands of different exploits, each one aimed at a particular human frailty, and there are three and a quarter billion Internet users. No matter how narrow or esoteric the exploit and no matter how tiny the percentage of Internet users that might respond, there are thousands if not millions of potential victims.

They count on the hope that sooner or later your curiosity will outweigh your caution and you will click on a questionable link. It’s human nature. Later, when you bring your PC to us you’ll probably say “I knew I shouldn’t have clicked that link.” It just takes one click and your PC will need professional help. 

Our recommendation is to assume, when on the WWW, that any unsolicited invitation, update offer, warning or service offer is a criminal exploit. Never let any unsolicited service access your PC and never accept a link from an unknown source. If in doubt give us a call.