Lavasoft News - August 2007

Spyware and Malware Threats Forecast

Internet security forecasts can lead us to believe that we are in for some stormy online weather. But being aware of and prepared for dangerous Web conditions may help you to stay safe online.

The experts at Lavasoft have put together a round-up of the top threats that we have been seeing, and unfortunately expect to see more of in the future. From rootkits to various identity theft attempt techniques, our top five threats list will help you to know what to be on the lookout for.

Threat #1: Rootkits
The first on our list of suspects are dangerous because they can hide malware. Rootkits are programs that fraudulently gain or maintain administrator level access that may also execute in a manner that prevents detection. They are extremely stealthy in nature, ranking higher than program kernels. One famous example from this past year was the Sony rootkit fiasco with a recent lawsuit settlement of $750,000 U.S. Other recent examples of malicious rootkits out there include Hack Defender, Apropos adware with rootkit, and Wareout (also known as Zlob Trojans).

Threat #2: Fake Codecs
Fake codecs, also known as Zlob/Smitfraud Trojans (just one of many Trojan techniques), are malware that lures computer users into downloading files that infect their PCs. They masquerade as codecs required to view online videos, then install a fake anti-spyware program which finds fake malware on the system; this is done to lure victims into buying the rogue anti-spyware program. Other victims have received fake e-greetings or instant messages from friends.

Threat #3: IM Vulnerabilities and Attacks
There is no debate about it: instant message-based attacks are on the rise, for AIM, Yahoo, Messenger, and more. Security vendor Akonix Systems recently cited a 73 percent increase in IM threats so far this year. These attacks rely on social engineering to spread malicious code; a link that appears to be from a known contact is sent. Because many people are not informed about threats coming in through this venue – only 3 percent of those polled in a Lavasoft survey were concerned with
IM threats – these attacks are succeeding.

Threat #4: Exploits in Windows, Browsers, and Legitimate Software Applications
In 2006 hackers kicked off the year by releasing zero-day attack code based on a flaw in the way Internet Explorer handled WMF (Windows Meta File) documents. These were followed later in the year by a rash of targeted attacks that exploited un-patched flaws in Microsoft’s Office software (most recently in Microsoft Word in November 2006). This security hole has been patched, but hackers constantly push through to find new flaws to exploit.

Threat #5: Phishing & Identity Theft Attempts
The methods that malware can use as an attack vector, in order to find a way in to your computer and steal private sensitive information, are varied and wide-ranging. This list can include phishing attacks, banking Trojans, password stealers, and downloading Trojans. A key mitigating factor of staying clear of these types of threats is user accountability and education.

Home   arrow

GreenPrint GreenPrint Buy GreenPrint Home for $35
The global IT industry accounts for 2 percent of the world's carbon dioxide emissions - the same amount produced by the world's aviation industry, Gartner statistics show. Over the next 5 years, technology companies will be met with growing financial, environmental and legislative pressure to become more environmentally sustainable, according to a Gartner analyst.

Source: CNET

herdsman with computers
Term of the Month
A bot herder is a hacker who installs malicious software on a PC without the knowledge of the computer user, with the ultimate goal of controlling thousands of compromised machines. Once hackers install their software, they are capable of controlling the infected computers remotely. After they have compromised enough computers, bot herders have a robot network, or botnet, under their command.

Tech Tips
How can you help fight the botnet battle, and make sure that your PC does not end up under a bot herder’s control? Contributing to the problem is the large number of home users whose computers do not have adequate protection and are easy prey for botnet operators. It is critical that home users install up-to-date firewalls, anti-virus and anti-spyware software, in addition to being cautious when going online. If you have been a victim of cyber crime, you can also file a complaint online through the Internet Crime Complaint Center.
Helpful Homepages
Electronic waste or e-waste is one of the fastest growing waste problems. So before you buy that new PC, think about what to do with the old one. Visit or to find out more about recycling your electronics. The Computer TakeBack Campaign focuses on requiring consumer electronics manufacturers to take responsibility for the life cycle of their products, while Earth 911 offers community-specific environmental information for consumers looking to live more responsibly.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Page footer