Hey Harry, want to go phishing?
If so, check this out:
Are you one of the lucky computer-using people that – in a split second of an overdue update – got hacked and lost all of the money that you had in the bank? Well, you too can become a hacker and pick up some extra bucks. And, unfortunately, it isn’t even that hard. With just a little technical experience, a person can go online and find the necessary kits for hacking personal computers for fun and profit. Do you want to steal some sensitive government documents? There are kits for that, too.
Symantec , a top computer security company, released a report this week, stating that attacks played a role in creating over 286 million varieties of malware last year, and HP, one of the leading computer hardware manufacturers, reports that because the kits are so easy to use and are so successful, they are extremely popular.
In addition, the quality of the online kits is getting better. “Attack kit developers are also improving the quality of their software”, says Mike Dausin, who manages advanced security intelligence for HP’s DVLabs division. “They put so much effort into streamlining it, just as a normal software development company might,” he says. “They’re very professional, very focused on making money.” It’s not an entirely unexpected development: last year, security researchers predicted the growth of the cybercrime service industry.
The latest versions of attack kits are traded online for anything from $500 to $4000 and sales have grown from two to seven percent of the criminal online economy.
“This booming business has helped attack kits spread far further than before”, explains Alen Puzic, a security researcher at HP DVLabs. “A few years ago you pretty much had to know the author of one of these toolkits in order to get one, but these days there are resellers, forums and even online stores.”
The software can help the attackers create their own form of malware and target certain victims with it, such as bank account and credit card theft. For instance, let’s say a bank site is hacked. The malware is going to be modified on your computer, not the bank’s servers. You look at the URL, you go to the URL and everything seems legitimate. But it’s not.
Now that spammers know the e-mail addresses that are linked to certain brands, they use kits to trick people into giving away more information than they should. An attack like this is known as “spear phishing”, because the leaked details help attackers to focus their effort (“sharpening their spears”).
If you don’t want to buy a kit, you are probably more interested in protecting your computer from one. Here are the main two things:
1: Keep all of your patches up to date. A patch is a piece of code inserted – or patched – into an executable file, such as AVS.exe. It is there to fix a program bug. If your patches are old, it’s easier for an attacker to get in to your system; their kits probably aren’t new enough to penetrate a new patch. At least you hope not. However, when downloading or installing patches, you must be careful to ensure that they are, in fact, patches that are actually needed on your computer. If a pop-up tells you that an update or patch needs to be installed, it’s often best to go to the source and verify the truth of that assertion. For example, if you get a message that your security software needs to be updated, it might be best to open the program and check for updates there.
2: Don’t click on a link unless you are 100 percent sure you know who it is! I can’t stress this enough; I can’t tell you how important this is! Just an FYI: I don’t click on any links e-mail-wise anymore. Seriously. All of the new types of malware look so authentic; it’s just not worth it. If the link looks real, then I’ll go to the site that sent the e-mail and check out the sale or whatever it is that they sent me. Although I guess I am going to have to watch out for that too, thanks to these handy-dandy kits.
Enough already. I can’t click anymore, I have to “patch” things when I don’t even know what program needs one…it’s just so old.
I think I’ll be playing a lot more Solitaire offline in the future than I thought. Hah! And I thought my days were ho-hum now.
Have a great week!