The threat of malware is one that is increasing year after year, and has been doing so steadily. Scams of one sort or another are increasingly being seen on social networking sites and mobile application markets. As ever, you can reduce the risks to yourself by deploying anti-virus programs and keeping them up to date. Their ability to detect suspicious activity has been getting better and better as heuristics improve.
The problem is that no security program can be guaranteed to provide protection against every threat. The playing field is in constant flux as new vulnerabilities are found, exploited and patched. In general, the best things you can do to protect yourself are to deploy a little common sense, and to keep yourself informed about what you should be looking out for.
The Top Four Threats
The top sources of malware infection at present are a mix of new and old infection vectors:
Social Network-based Scams
Of the four, the fake anti-virus, or scareware, is perhaps the most familiar to anyone who has been around a while, while social networking-based scams are effectively a form of phishing attack. Far more problematic at present are the browser extension and mobile application scams – in large part because of the higher levels of trust that people have for software in those areas.
New Malware Vectors
With an estimated 85% of US adults now owning a mobile phone, it perhaps shouldn’t be a surprise to find that mobile phones are a rising target for malware developers. With the rapid increase in the numbers of smart phones, more people are being exposed to mobile malware. Fortunately the official mobile applications markets have proved to be quick to respond to rogue applications, so the one main outbreak to date was rapidly shut down. Unfortunately the alternative applications markets remain a source of “repackaged apps” which can often be Trojan horses.
The popularity and perceived safety of mobile apps in the public eye is largely to blame for how otherwise wary users have been taken in by malware authors. It’s a similar issue for people caught out by rogue malware browser extensions. By and large the names and appearances of these packages are innocuous enough, but they share a common purpose with each of the other items on this list.
Each of these schemes is purely and simply aimed at gathering personal information for the purposes of illicit financial gain. Whether they act as keystroke loggers, redirect searches to rogue affiliate marketing websites or piggyback on the back of active browser sessions to insert adverts, they all exploit people’s desire to get something for nothing, or at least very little.
The lessons to be learned in each case are a reminder to read the installation instructions, or permission requests very carefully, and if you have any doubts to research the application, or the video plug-in, or the extension independently. Keep your anti-virus software up-to-date, and make sure that any patches for your computer or device are applied as soon as possible. With a little thought, keeping yourself safe from malware shouldn’t be a chore.