Internet Security Isn’t Getting Any Prettier

Malicious software (malware) is, in many ways, very well understood. Security experts know how it works and why. Cybercriminals’ motivations are pretty straightforward—making money from malware and related attacks.

In the latest McAfee Threats Report: Q3 2012 , malware is still growing and while it’s not growing quite as fast as it was in previous quarters, the amount of malware still topped 100 million samples.

Besides the large growth in mobile malware , there has also been an increase in the tactics that cybercriminals are using to attack you. Some of these techniques include:

Autorun Malware
AutoRun (also known as AutoPlay) is a feature in Windows systems that dictates what action the system should take when a device is connected to your PC. So when you connect your USB drive or insert a DVD into your drive, AutoRun is what will automatically open or in some cases play what is on these devices. Cybercriminals use this feature to automatically install malicious software when an infected USB or other removable device is plugged into your PC. What makes AutoRun scary is it requires no effort on your part to click any links. This is a “plug and play” malware and can even come on products shipped right from the factory such as external hard drives, USB drives and LCD picture frames.

Mac malware
With over 350 new samples in Mac malware in Q3 2012, the growing popularity of Apple products has inspired cybercriminals to create malware that will harm Macs. McAfee Labs is seeing fake antivirus programs targeted at Mac users. In other words, there are an increased number of programs known as “scareware,” which claim to protect users from viruses and malware but users who attempt to install the supposed antivirus software are actually downloading malicious software. This malware can damage your Mac or compromise your personal information.

Ransomware malware typically accuses you of visiting illegal websites, locks your computer then demands a payment to unlock the device. And even if you pay, you are not guaranteed to get access to your files and now the criminal has your financial information.You can get “infected” with ransomware in a myriad of ways, including links in emails, instant messaging, texts and social networking sites, or by simply visiting a website that can download the malicious software on your computer. With a 43% growth this past quarter, ransomware is definitely something to watch out for.

The past quarter’s threats report has shown cybercrime exhibits few signs of slowing down, and cybercriminals using more tricks to steal your money. To help protect yourself you should:

Keep your operating systems updated on all your devices

Be selective about websites you visit and use a safe search tool like McAfee SiteAdvisor® to warn you about risky sites before you click

Avoid clicking links in emails, text messages or instant messages, especially from people you don’t know

Stay educated on the latest tricks, cons and scams designed to fool you

Use comprehensive security software like McAfee All Access that provides cross-device protection for all your PCs, Macs, smartphones and tablets


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

No Surprise—Ransomware On the Rise

McAfee’s latest Threats Report shows a 1.5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012.

With the malware growth rate up nearly 100,000 per day, McAfee has identified these key variations of malware affecting everyone, which include, mobile malware, Twitter hackers web threats and specifically ransomware.

Data can sometimes be held hostage with the help of “ransomware,” also known as “ransom software.” This software infiltrates your com­puter when you download an infected attachment or clicking a link within the body of an email. You can also get ransomware simply by visiting the wrong website, in what is called a “drive-by.”

Once your computer or mobile device is infected with ransom­ware, it locks down your files to prevent you from accessing them and gives a hacker full control of your machine. Sometimes the ran­somware poses as a “Browser Security” or “Anti-Adware” security product whose license has expired. Computers running Windows that are infected by ransomware are confronted by a full-screen message that resembles a Windows “error alert”.

Ransomware is not common, but it’s definitely a rising malware threat. The best way to avoid ransomware is to make sure that your computer is running the most current version of your operating system and has updated antivirus software. It’s also very important not to click on links in the body of an email or visit unfamiliar websites that may contain viruses that will attempt to inject them­selves through any security vulnerabilities in your browser.

As PC malware writers master their craft, they are transferring their skills to other popular consumer and business platforms, such as Android devices. After the mobile malware “explosion” in Q1 2012, Android malware shows no signs of slowing down, putting users on high alert.

While malware most typically affects PCs due to Windows software, malware can be written for any operating system and platform. Cautioning all Mac fans they too are susceptible to malware, the McAfee Threat Report notes Mac malware’s steady growth, with more than 100 new samples over Q1 2012.

Users must understand how criminals use psychology with lures of easy money. The most effective way to protect yourself is to install a full suite of security protection on your computer so your money and your information remain guarded.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)