If you’ve read anything online, undoubtedly there have been headlines about exploits, vulnerabilities, identities stolen and other compromises.
Are you one of the 9.3% using Internet Explorer 10 (IE10)? Hopefully, you keep your software updated, as Microsoft did squeak in a patch last Tuesday. However, if you haven’t, please stop reading this and update it and all other Microsoft patches immediately.
FireEye recently found a combination of watering-hole attack and drive-by download that utilizes the exploit in IE10.
You don’t know what a watering-hole attack is?
Let’s say the hackers find an exploit in a particular browser and they want to use that to infect the computers of people most likely to use that browser. They will find one or more websites that focus on that particular group of people. The hackers will then try to infect those websites with some drive-by download code. This means that anyone visiting those websites will be subject to the download which will infect their computer.
After the websites have been infected with the drive-by download code, hackers will blast out a series of SPAM emails that include a link to one of their infectious sites. The SPAM will be targeted to people in the targeted industry. This is called a watering-hole attack.
Just so you don’t think I’m focusing on Microsoft, these same types of attacks happen on FireFox, Chrome and yes, even on Macs.
Your best defense against these and other attacks is to keep your software updated – constantly. This doesn’t mean just your browser, but all Adobe products, your operating system and all other software programs installed on your computer.
April of 2014 will see the end of support for Windows XP and Office 2003. If you haven’t upgraded these yet, you should make plans. Without support from Microsoft, you will no longer get updates to that software. Hackers know there will be many people refusing to upgrade so not upgrading will make you the “low hanging fruit” for hackers.
In addition to keeping your software updated, please let everyone you know to use strong passwords. This cannot be emphasized enough. About 30% of the websites we clean are the result of compromised passwords. Make it at least 9 characters long and DO NOT use common, related words.
A recent informal survey we conducted shows that many passwords end with either the year, 123 or the exclamation mark (!). If this sounds familiar, please change your passwords immediately.
One other key point that we’ve been “pushing” for some time now is to schedule daily full system scans with your anti-virus software.
If the anti-virus company finds a new virus “in the wild” on Monday, they will analyze it and create a rule to detect that virus. Then on Tuesday, you update your anti-virus software – either automatically or manually, this means your computer is protected from getting infected by that virus from Tuesday moving forward. However, if your computer was infected by that virus on Monday, your anti-virus program won’t remove it until you run a full system scan.
That’s why it’s critical that you run full system scans – EVERY DAY!
If you have any questions, please either email me at: firstname.lastname@example.org or post a comment.
Let’s be careful out there, huh?
Thank you for reading.