20 Years Malware in one year!

[nihil]

Article is here:

http://www.insidebayarea.com/sanmate...mes/ci_7720662

"We basically had 20 years of malware in one year," Runald said. "They're not all botnets, obviously, but a lot are."

Scary stuff?

[ShagDevil]

First off, good find Nihil.

Linda Little, 59, of Woodland Hills said she's a thorough shopper who uses the Internet to read consumer reports and compare prices

My PCs all have the latest software," she said. "I check my firewall. I check my updates."

Something tells me that Linda Little just doesn't understand what the actual problem is nor what to look for.

"No major bank is going to say: We've lost your password or we're resetting it, please send us a new one. That just doesn't happen.

aha! But why do people still fall prey to these scams? Hmph. I'm curious. Which firewall and/or antivirus product will give me that bit of knowledge? Will strong passwords tell me that? How about a 5 star spyware program? Microsoft patches?

I wonder if anyone else gets my gist here?

[nihil]

Hi there ShagDevil,

I thought it was interesting as we get all these sort of statistical analyses around this time of the year

The second point is interesting, as it emphasises the traditional "fraud" or "confidence trick" aspect of this sort of activity.

If you are naive, careless and clicky clicky you will get in trouble no matter what hardware and software you use.

None of that will defend you against social engineering, just like the scams of pre-computer days.

As for the first question.............. well, current software, and safe surfing is one thing and a well configured firewall is a help. But what about XSS, hijacked banner ads, MITM, drive byes and so on. I guess that it depends where you surf and how you go about it, as I know lots of people who have no problems.

The lady sounds like a lot of people who think that they can rely on technology rather than common sense?.............. I bet she logs in with an administrator account

[AngelicKnight]

The lady sounds like a lot of people who think that they can rely on technology rather than common sense?.............. I bet she logs in with an administrator account

Yeah, I see that all the time. They think ZoneAlarm makes your PC an impenetrable fortress.

But hey, this is job security.

[ShagDevil]

If you are naive, careless and clicky clicky you will get in trouble no matter what hardware and software you use

Yep. My sentiments exactly.

No major bank is going to say: We've lost your password or we're resetting it, please send us a new one. That just doesn't happen

This is what people need to know. Forget all the damn bells & whistles.

But hey, this is job security

LOL!

[nihil]

Hi there ShagDevil,

I was just browsing through some of the security sites I subscribe to, or use, and found this item. It struck me as interesting as it shows the way malicious activity has changed on the internet very recently. No more showing off uber leet skills, just commercial and professional.

I know there are the BS ivory tower types that argue about this, but I am a realist, I deal in real life attacks, not academic bullcrap.

The other one that I thought worth a mention was the Oak Ridge National Laboratories fiasco (see my other thread). They should not be connected to the internet on a system with sensitive or classified information on it. They should not be allowed to turn a damn computer on unless they can pass a fundamental security awareness examination.

And what the hell is access to personal financial data that is 17 years old doing on a live system. Hell, who do they think that they are the friggin CIA? or FBI? If you need that stuff it should be archived and on a closed network.

Someone needs to be fired, "pour encourager les autres", which is the French way of saying that: "the floggings will continue until morale improves"

Hey, is is just as bad over here.............. a few weeks ago I reported our equivalent of your IRS had lost personal data on 25,000,000 taxpaying family members. I think their third boo-boo in as many months

How can these people even talk about "National Security" and keep a straight face, let alone expect us to believe them, and agree to their proposals?

All I can say is I am glad that I am not working PR for their IT function............ talk about "Mission Impossible"

[delstar]

I don't run any anti-virus or firewall software on my home system. The only firewall between me and the internet is the one provided by a cheap router. I am constantly browsing all corners of the web and downloading/running all kinds of content. Yet, I haven't had any sort of malware infection in years, and I rarely get SPAM (comparitively).

I've just learned how to avoid it rather well through various means. Not using IE, turning off javascript/java on questionable websites, turning off services that aren't needed, etc. People just need to learn a few simple rules and malware wouldn't be a problem. It's getting them to pay enough attention to do these things that's the problem.

[zallison]

Convenience is the key here.

Syamntec, McAfee, and others stay in business by making people believe the annually recurring fee they charge will protect them.

Phishing filters, spam blockers, spy ware scanners... snake oil.

I will admit that I use virus scanners, but I also know how to secure my home pc.

The problem we face with the mass is that its not convenient to learn. Its more convenient to spend $$$ and pretend they're protected.

[Cider]

WoW scary article. Doesn't it just make you want to buy a top notch AV program with all the online security features? ...

[Alec Empire]

Not using IE, turning off javascript/java on questionable websites

The first few sentences of your post sounds similiar here but I, for one, think IE is alright. I've grown to hate Firefox for reasons that have nothing to do with the browser itself.

It was touted as "more secure" sometimes even so far as "a security device", in opposition to being just a browser. And in the end this attracted alot of users whom I fear I'd somehow compair myself to by using that silly browser.