Threats

The New Breed of Online Security Threats

By Courtney Macavinta

Beth Morrissey, a freelance writer from Williamsburg, Va., works and practically lives on the Internet. She blogs, has a website and is hooked into all the popular social networks. The downside to her life online? Like all Internet users she’s constantly exposed to security threats and has suffered the consequences of being spammed, having her Gmail account hacked and catching a few nasty computer viruses.

“I've been hit with email viruses, picked up a virus while downloading an online PDF,” she says, “been informed that my online banking accounts had attempted to be hacked, and received phishing emails from fake PayPal sites.”

The worst episode was the day a giant black and white swirl appeared on the screen of Morrissey's laptop and turned out to be a computer virus. “I watched it as it ate every one of my desktop icons and then took over the screen so that I couldn't navigate anything.” The outcome: Three-fourths of her hard drive was deleted and she lost a week’s worth of wages as she waited for her laptop to be repaired. She’s not alone: In 2008, viruses and spyware cost U.S. household $6.5 billion in damages, according to Consumer Reports.

“I still consider the week of waiting for repairs and all of the related hassle to have been one of the worst weeks of my life,” she says.

Still, Morrissey is actually one of the lucky ones because she frequently backed up her data and has since upped her security plan. And yet even with her precautions in place Morrissey has been hit by almost every top Internet security threat, according to experts, and there are new threats on the horizon.

Here are the new threats (and long-standing ones that won’t go away) that you need to shield yourself against with the help of tools and savvy personal practices:

1. Threat: Smarter Malware

Malware is everything you don’t want to hit you and your computer: Viruses, spyware, adware, “keylogging” programs that swipe passwords, and other malicious programs that aim to exploit your personal information for financial gain or to simply wreak havoc. You can get hit with malware through email, pop-up ads, screen savers, downloads or tainted websites. Though malware is nothing new, it is now getting smarter experts say to keep duping online users.

“It used to be in the old days if you were getting a bunch of pop-ups or being re-directed to a new homepage that it meant you were infected,” says Michael Kaiser, executive director of the non-profit National Cyber Security Alliance (NCSA), which runs the consumer education site StaySafeOnline.

“The fact is that the malware is more malicious and it's less likely to be seen in your computer's behavior,” Kaiser says. “Consumers may also see rogue anti-malware programs, such as pop-ups that look like a security message and direct you to buy a program to clean out your system. Some of those sites may actually be malware sites or extremely low-quality antivirus spyware programs.”

2. Threat: Evolved Botnets

If your computer gets snared by hackers into a botnet, it means that unbeknownst to you criminals have added your computer with a virtual network that attacks websites with floods of traffic to crash them. Being caught in a botnet could also mean hackers are stealing your personal information. You often get swept into a botnet via malware -- they work hand-in-hand together. The way that hackers structure botnets is becoming more sophisticated and harder to detect.

3. Threat: Vulnerable Web 2.0 and Social Network Sites

Web 2.0 services make many web tools more compelling and helpful -- such as those YouTube videos you see everywhere online. However, experts say it can be hard to configure these services to be totally secure from vulnerabilities. According to a 2009 report by the Secure Enterprise 2.0 Forum, threats can include increased phishing appeals (which try to get you to forfeit personal information on fake websites) or Web 2.0 code being exploited by hackers, which happened to Yahoo HotJobs in 2008. In that case, hackers could compromise people’s stored information on the site.

Even social networks are getting hit with phishing messages or malware-laden spam. “When there is a successful new application that drives a large volume of users, a cybercriminal will try to take advantage of it,” Kaiser says. Also on social network sites people are apt to simply post droves of personal information that can be exploited by someone to get into their bank account, for example.

Security Tips:

To protect yourself and your family from the new online threats, here are some strategies you can put into place.

• For starters, keep your security system updated. This applies to your antivirus/antispyware/firewall software, operating system security and web browser security programs. Set your software and programs to automatically update with the latest protections. “If you don't get that frequent update, you're not going to be protected,” Kaiser says.

• Don’t follow the trail of pop-ups or links in unsolicited emails -- ever. If you get a suspect pop-up, close it and immediately run your updated security software.

• Change your passwords frequently and make sure they are long, don’t include your personal information and include numbers too. Kaiser suggests coming up with unique letter and number combinations of something like your favorite song title, for example, which can’t be easily guessed (just don’t post it on your social network profile!).

• If infected, use your security software or the vendor’s website to help you remove malware or get assistance at non-profit sites like BadwareBusters.

• To behave more consciously online, use the NCSA’s three W’s. Before posting on a social network, ask yourself: 1. Who will see this? 2. What is the value of sharing this information or photo? 3. Why do I want someone to see this information? “This is all about having the right tools and using good behavior,” Kaiser notes.

The good news for Morrissey has learned how to protect herself from online threats and become more conscious of how she could be at risk. “Sometimes it's a hassle,” she says. “But then I remind myself that I never want to go through another scare again and that it's better to be safe than sorry.”