Those sexy celebrity photos can kill your sleek $2000 laptop in an instant. The laughter you’ve had watching those hilarious videos you got by email can cost you dearly. Many experts have warned us that the Internet is a gigantic security minefield, and if you put your foot in the wrong place, you’ll get into big trouble. You may do everything to protect your PC and still be invaded by sneaky malware. These are some hazardous things users often find on the Internet:
Malicious Flash Files
Malicious coders have been targeting Adobe’s Flash for many years, forcing Adobe to release numerous security patches. One little-known risk is Flash cookies, small packages of data that developers often use to store Flash-related settings. Just like normal cookies, Flash cookies can track your online activities too. However, deleting Flash cookies is not as easy. To repel Flash-based attacks, you should regularly update your Flash plugin and make sure that you get a prompt for each Flash cookie download.
Simplicity, that’s what we like about Twitter. Unfortunately, scammers have the same idea, since Twitter may rely too much on link shorteners. These services simplify long, complicated web addresses. Of course, that is helpful, but it can also be used to hide a scam or malware. A brief description may tell you that the short URL will go to a trusted site, but what you’ll get is a Trojan horse.
Don’t use shortened URLs too often, although it may ruin your Twitter experience. Some apps like Tweetie for Mac and TweetDeck allow you to see the original URL. Other URL shortening services can filter malicious links, and TinyURL can give you a preview of the site.
Infected email attachments and phishing messages are nothing new, but cybercriminals are continuously improving and evolving, to the point that occasionally even security experts find it hard to distinguish bogus messages from the legitimate ones. An email may look like a real Amazon order confirmation, but there could be something wrong with the sender’s email address. Never trust any attachment, unless you’ve been expecting it and you know the sender. If possible, go to the site directly by typing the URL in the address bar, instead of clicking links inside the messages.
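The sender-address check described above can be automated. The following Python sketch is an added example, not part of the original article: it parses a message's headers and flags a brand name used with a domain the brand does not own, plus a Reply-To that points elsewhere. The brand-to-domain table and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative table of brands and the domains they really send from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    "From: Amazon Orders <order-update@amazon.com.orders-example.test>\n"
    "Reply-To: help@mailbox-example.test\n"
    "Subject: Your order confirmation\n\nPlease open the attachment.\n"
)
LEGIT = (
    "From: Amazon Orders <auto-confirm@amazon.com>\n"
    "Subject: Your order confirmation\n\nThanks for your order.\n"
)

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a true subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_warnings(raw_message):
    """Return a list of human-readable warnings about the visible sender."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    # A brand name in the display name or domain must match a domain it owns.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() or brand in domain:
            if not domain_allowed(domain, allowed):
                warnings.append(f"claims {brand} but sent from {domain}")
    # Replies silently redirected to another domain are a common phishing trait.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr:
        reply_domain = reply_addr.rpartition("@")[2].lower()
        if reply_domain != domain:
            warnings.append(f"Reply-To domain {reply_domain} differs from {domain}")
    return warnings

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(name, sender_warnings(raw))
```

The From header is not authenticated, so a clean result here does not prove a message is genuine; it only catches mismatches that are visible in the headers.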
Torrent sites are commonly used to share pirated software, videos and music, and they are excellent breeding grounds for malware. If no one vets the files, it is possible that some or many of them are infected with malicious code. Many experts believe that by simply visiting torrent sites, you may already be infected by malware. Given their dubious, untrustworthy content, it is best to avoid any torrent site. If you’re still determined to use them, open torrent sites only on an older, secondary PC and never copy any files to your primary computer. Even a regularly updated antivirus can’t protect you all the time, because recently released malware is often tricky to catch.
Porn sites are definitely riskier than normal, mainstream sites, and there’s no doubt that visiting a site with a bad reputation can be very dangerous. If you have the habit of visiting porn sites, at some point you’ll be attacked without your knowledge. Many porn sites are actually honest, legitimate businesses that work like other normal sites, but it can be difficult to tell if a site is completely legit. Be wary of video formats that require special or obscure codecs. McAfee’s SiteAdvisor and AVG’s LinkScanner can effectively weed out questionable sites. Avoid porn sites entirely, but if you insist, visit them only on a secondary PC and never transfer any picture or video to your primary computer.
Some video sharing sites require you to download a special video codec, an application that helps you to run a video format on the PC. Most of the time, codecs are perfectly legit, but unfortunately, some malicious people modify a common file format (such as .avi or .wmv), so it can only be played after a malware-ridden codec is installed. You should stick with popular video sharing sites such as YouTube and Vimeo, while TV.com, Hulu and BAC.com can help you to catch up with favorite TV shows.
There are also cases where malicious coders exploited holes in popular video players, like QuickTime Player. “Modified” video files may trigger flaws in your favorite player software, which may open the path for other, more dangerous malware. Make sure your player software is up to date. Microsoft and Apple, for example, release patches regularly for Windows Media Player and QuickTime.
The smartphone market is quickly growing and so are the security risks. One common concern is the abuse of geolocation technology. Although this technology can be handy in many situations, it can also be used inappropriately. For example, an Android game, published on the Android Market, was actually a spy app, which could track your location using your phone’s GPS feature. A security expert once ran pleaserobme.com, as an effort to raise awareness about the danger of geolocation. You should be particular about the geolocation services, apps and sites you use. For example, try to weigh the implications and risks of Facebook’s Place feature and FourSquare, and determine the right amount of information you want to divulge.
‘Poisoned’ Search Engine Results
Many search results on search engines have been deliberately tainted to make sites with malicious payloads rank higher. You shouldn’t blindly click on a search result; make sure the URL leads to the site you want. If you need to choose, go to popular sites in the search results such as CNN.com, instead of clicking an unknown site.
Malicious PDF Files
As Microsoft has steadily improved its security mechanisms since the release of Windows 7, cybercriminals are attempting to find better ways to infect your computer. For years, poisoned PDF files have been used to take advantage of known bugs in older Adobe Reader versions. Unfortunately, many people are still using Adobe Reader 8 or below.
This may allow someone to control your PC and access your critical information. It is a serious risk, because nearly half of web-based attacks involve PDF files. It is important to use only the newest versions of Adobe Reader or Foxit Reader. This step can only minimize PDF-based attacks, as newer malware may still penetrate your defenses. The latest Adobe Reader updates handle non-PDF attachments differently, which can prevent many potential attacks. It is better to disallow Adobe Reader from opening non-PDF attachments in Preferences > Trust Manager.
A file can be downloaded or installed without your knowledge. It can happen just about anywhere. Some sites are specifically designed to lure Internet users into receiving drive-by downloads. Your only chance to prevent drive-by downloads is to use updated security software, which can flag suspicious downloads.
Many fake antivirus programs act and look like the real ones, complete with genuine-looking alert messages. Often, the first indication that the software is fake is the presence of typos. Fake antivirus software can be considered extortionware, which will nag you until you buy the costly full version. In most cases, this software provides limited or no protection, and worse, some of it may actually infect you with malware. The danger doesn’t stop here: once you buy the software, these criminals may reuse your credit card information to buy expensive items under your name. You can get fake antivirus in several ways, including drive-by downloads. If you get a virus alert message from software other than your primary antivirus, you should immediately turn off your computer. Restart your computer in Safe Mode and scan it thoroughly with legitimate antivirus software. However, there is a chance that some of the malware goes undetected, because some of the pieces don’t behave like typical malware. This could render behavioral detection completely useless.
Of course, ads aren’t bad. They help us to get free services, like Google Search, YouTube, Facebook and many others. But malicious people may use ads to lure innocent people. Even trusted sites like The New York Times once inadvertently ran ads from scammers, and Google’s ad program was also manipulated by a less-than-scrupulous company a few years back. Bad guys are getting really clever and they can trick major sites into publishing fraudulent ads. It is recommended to click ads only from major online advertising networks, because although they have been involved in cases of fraudulent ads, it is quite rare.
Fraudulent Facebook Apps
Security experts have voiced their concerns about Facebook apps. It’s sometimes impossible to know who developed the apps and what they would do with the data they are collecting. Although apps ask for your permission before they can access your personal data, you’ll never know whether they will use your data legitimately. You should review your Facebook settings and make sure your privacy settings protect you adequately. For example, you can determine which apps can access your data and which friends can see your personal information. Be selective with the apps you want to use; you don’t need to take every quiz you see.
Sites that Sell your e-Mail Address for Spam
Many sites blare enticing ads: get a free notebook! A free iPod! A free smartphone! It seems so easy! These sites may not be risky in the security sense (for example, they won’t infect you with malware), but they can gather your personal information and sell it to other companies. Always read the privacy policies and beware of any loopholes. For example, although they won’t divulge your information to third parties, they may give it to “affiliates”.
A New Generation of Phishing
Malicious shortened URLs and Facebook apps are not the only social network hazards. Social network sites give rise to a new kind of phishing. Scammers might use someone’s Facebook account and lure his/her friends to click a fraudulent link, which opens the possibility of hijacking more Facebook accounts. The link may entice users with interesting videos, free deals or tips to customize their Facebook profiles. You shouldn’t trust every link, even if it is sent from your spouse’s account. A good indication is if the style of the message is unusual for the person. Checking the person’s Twitter @-replies and Facebook wall can give you a good indication of whether his/her account has been hijacked. If you believe that your account is sending out messages without your knowledge, change your password immediately. There are resources for Twitter and Facebook users to keep them updated on the latest threats.
Sharing too Much Information
Once in a while, you see a friend on Facebook or Twitter divulge more information than is necessary. Sharing too much information can eventually make your life uncomfortable. Unfortunately, many people do not understand the risk of oversharing on social networks. Younger people, for example, may publish even the smallest detail of personal information, without realizing that 500 million Facebook users can see it. Oversharing can cause severe privacy problems further down the road, for example, when a group of malicious people harvests data from accounts that share too much information with the public and uses it to make fraudulent credit card applications. It is important to share minimal information on social networks; for example, don’t publish your home address and phone numbers in your Facebook personal information. Just be very mindful of what you want to share; a little restraint can go a long way.