AVG Threat Report: Are YOU Vulnerable?
The AVG Technologies Q2 2012 Community Powered Threat Report is out, giving us new insights into the tactics of hackers, scammers, and malware distributors. It contains some interesting milestones, trends, and facts you should keep in mind. Here are some of the highlights of the AVG Threat Report...
What's in the Latest AVG Threat Report?
AVG is a computer security software company whose free and paid products are used by millions around the world. The AVG Community Threat Report is based on data collected from users participating in the AVG Community Protection Network over the past quarter. It provides an overview of online threats from the web, mobile devices, and spam.
By way of disclosure, I'll admit that I'm a satisfied user of the free AVG Anti-Virus product. However, I don't actually recommend one security product over another. I do encourage you to read both Free Anti-Virus Programs and Which Anti-Virus Software is Best? to help you choose one that suits your specific needs.
Here are some of the findings in the AVG Threat Report that I think you'll find interesting, or at least cautionary:
Android has become a favorite target of hackers because Google's mobile operating system now has 59 per cent of the smartphone market. AVG reports its first Android bootkit, "DKFbootkit," which masquerades as a legitimate app while replacing the phone's Linux kernel with malicious code. The bogus app asks the user to authorize several privileges using arcane prompts that most users don't understand; they just click "OK" and continue. The result is a "zombie" phone over which the remote villain has complete control.
China has become a leading source and target of malware, with Trojan-laden spam referencing the Tibetan political situation hitting computers and phones throughout China, Japan, Taiwan, South Korea, and the United States. The email attachment contains an executable program that collects sensitive user information, downloads keylogger malware, and updates the Trojan's signature to thwart detection. But you already know you're not supposed to merrily open just any attachment that happens into your inbox, right?
The latest malware uses sex and fear as attack vectors. The LizaMoon mass injection SQL attack uses both to obtain users' cooperation in its installation. You may find yourself on a Web page that urges you to "click here to view celebrity sxx videos." If you click, you'll be urged to click again to "update your Flash player." There is no video or Flash update; clicking just gets you a free infection.
"Beware of Cheap Imitations..."
You've heard it said that imitation is the sincerest form of flattery. Turns out it's also an effective social engineering tool to spread malicious software. Rovio's popular "Angry Birds Space" game is being mimicked by malware authors. The game is fully functional, so victims have no clue that it also carries a Trojan. It uses the GingerBreak exploit to root the phone, enabling the downloading of more malware, enslavement of the phone to a botnet, modification of files, and tampering with URLs.
Similarly, fake antivirus "free scan" sites download and install malware while seeming busy disinfecting your machine. You may even get a followup message demanding money to remove the malware that the site installed. See my related article Virus Alert: Fake Anti-Virus and Celebrity Scams for some tips on how to avoid these wolves in sheeps' clothing.
Spoofed emails from the FBI inform that reader that he's been caught violating a fictional "Neglectful Use of Personal Computer article 210 of the Criminal Code." Opening an attached file for "more information" installs malware that locks up the user's system. The email demands a $100 payment via untraceable wire transfer to unlock the machine. Of course, that's not how law enforcement works. But a guilty conscience can spur a person to do something stupid.
One other fact in the report that I found intriguiging was that almost 11% of all malware is distributed via portable flash drives. Be extra careful of "lost" flash drives laying around, or the freebies that some companies give away like candy at trade shows. See my article Is Your Flash Drive Infected? to learn how to protect against this threat.
AVG's full report (32 pages) discusses these and other new threats. It's primarily of interest to security researchers, but educating yourself about the types of threats that are in common use can help to keep you safe. The bottom line is that eternal vigilance is still required to avoid being victimized by hackers.
Do you have something to say about defending against malware threats? Post your comment or question below...
This article was posted by Bob Rankin on 30 Jul 2012
|For Fun: Buy Bob a Snickers.|
Ten Video Editing Tools
The Top Twenty
Google Fiber: Ultra-Fast Internet
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- AVG Threat Report: Are YOU Vulnerable? (Posted: 30 Jul 2012)
Copyright © 2005 - Bob Rankin - All Rights Reserved