Understanding the anatomy of a malware attack can go a long way toward protecting your computer and yourself from cybercriminals.
In the old days — pre-2000 — hackers hacked for fame and fun. But for today's cybercriminals, it's not about the "lulz," or the laughs — it's about the money.
Last year, one organized-crime group made $330 million from fake anti-virus ("fake AV") software, said Chester Wisniewski, senior security adviser at the Canadian office of British security firm Sophos.
"That's an average of $120 a sale," said Wisniewski, who was attending a security seminar in Salt Lake City. "And I can tell you that that's a lot more than legitimate companies get."
"No one is immune," Wisniewski said. "I hear this all the time: 'I'm a safe surfer.' 'I don't visit "those" kinds of sites,' referring to porn and gambling, 'so my computer is safe.'"
"Wrong," said Wisniewski. "Do you visit CNN.com or the Washington Post?"
Sophos Labs examines 35 million infected Web pages each day — and it estimates that 85 percent of infected websites are legitimate sites that don't know they've been compromised.
Gateway to malware
Criminals hijack these trusted sites to plant links that siphon people to not-so-legitimate sites hosted by illegitimate Web-hosting companies, known as "bullet-proof hosts" for their ability to evade the law.
It's usually from these secondary pages that hidden software can be injected into your computer without your knowledge — a process known as a "drive-by download" — but sometimes legitimate sites infect your browser as well.
So while sticking to trusted sites won't guarantee your computer's safety, another kind of behavior is much more effective.
Constant vigilance about updating your computer's operating system and applications — especially Web browsers and anti-virus software — will help prevent malicious code from entering your computer, whether it's a PC or a Mac.
Sophos is now seeing three or four new variants of Mac viruses every day, Wisniewski said, which is almost nothing compared with the 100 daily new Windows variants.
However, 90 percent of Windows users have up-to-date anti-virus protection, he said, while just 2 percent of Mac users do.
Coincidentally, Wisniewski said, each group of unprotected users is about the same size, making them equally vulnerable to attack.
False security alerts
Once it's inside your computer, there are several things that malware may do. These days, the most common thing may be for the malware to generate a false infection alert, in order to scare you into buying fake anti-virus software.
"We're seeing that these programs are starting to emulate a lot of free [security] products, such as Microsoft Security Essentials," Wisniewski said.
Each kind of fake AV attack starts out with the same sort of pop-up alert about your bogus malware infection — "We don't know what it is, but it's really bad," in Wisniewski's words.
If the user clicks on the pop-up, the next window will show a list of 20 or more anti-virus vendors. Mixed in with the big names are several unknown brands, which just happen to be the only ones that claim to be effective against the "unknown" problem.
If users purchase the software, their credit cards will be charged, their card information will be compromised, and the "software" won't work — at best. At worst, it could open up your machine to even more real malware.
'Extreme' alerts add porn
To create more pressure to buy, one variant of fake AV launches porn photo pop-ups on the home screen until you give in and pay for the software.
"Even experienced computer users have been taken in by this one," Wisniewski said. "In their panic to get the pictures off their screens, they push the 'buy' buttons."
The porn disappears as promised, but the malware remains in the computer.
Remote control
Infected computers can "call home" to their command-and-control servers, which can instruct them to become part of a criminal network — a "botnet" — for spamming and other purposes, all without the owner's knowledge. The computer has been turned into a so-called "zombie."
If you have noticed anything unusual on your computer recently, including suspicious security alerts, manually update your genuine anti-virus software and then run a security scan.
If the scan doesn't find anything, use a free secondary AV program such as Malwarebytes' Anti-Malware. (Mac users can use Sophos AV for Mac, also free.)
It's probably best NOT to search for this or any anti-virus program on a search engine such as Google. Spoofing legitimate vendors' pages is another trick that criminals use.
Instead, go to www.download.com and type in "Malwarebytes." Anti-Malware should be the top search result with version 1.51.1.1800, added on 7/14/11. (The same works for Sophos — just make sure you check the box for Mac software.)
You might also try a system restore that will return your computer back to an earlier, and hopefully uninfected, state.
Malware manipulation
Instead of exploiting a system or software vulnerability, some criminals prefer to trick you via email, Facebook, Skype or other Internet service.
A lot of the scams work using so-called social engineering, a fancy name for psychological manipulation.
For example, one current scam targets paying users of AOL email accounts.
Users are getting emails asking them to update their accounts, but the update involves providing the email sender with their credit-card numbers, bank routing numbers, ATM PINs, driver's license numbers and Social Security numbers — all signs of a classic identity-theft scam.
AOL has asked that customers NOT respond to these emails, and to instead forward them to abuse@aol.com.
(By the way, if you're still paying for an AOL account, you can stop paying right now. AOL has been free since September 2006 — the company just hasn't told all its customers. Call customer service and switch to a free account. This will not affect your service.)
Protection
Along with anti-virus protection, Wisniewski recommends that people eliminate known vulnerabilities from their computers.
For instance, remove programs that are out of date, such as Winzip, Real Player and Adobe Shockwave. Remove add-on toolbars from your browsers and disable the auto-run function for Adobe PDF Reader.
For Wisniewski, it's like childproofing your house before the baby starts walking or the grandkids come to visit.
"Treat your data as if it were your child," he said.