(One out of) Ten Ways to Dodge Cyber-Bullets

It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published Annual Global Threat report and November Threatsense report, but we thought it might be nice to post some of the information in one or two of those top ten lists here for those who may find the length of the full reports a little daunting, as well as a taster for those who don’t. Rather than simply reproduce those lists, we’ll consider individual items at more length over the next few days.

Perhaps one of the more useful ideas that was tossed around was a top ten of things that people can do to protect themselves against malicious activity. This is the item that we pretty much all agreed should be top of the list.

Disable Autorun in Windows: this facility is consistently exploited by the class of malware ESET detects as INF/Autorun, among other threats. We’ve been considering this issue in detail for quite a while, now: for instance, in Randy Abrams’ blog here. That class of malware has been consistently at or near the top of our monthly worldwide top ten reported threats as long as I’ve been tracking them. Don’t assume, though, that that single precaution will save you from every example of that type of threat. Most malware uses more than one technique to infect targeted systems.

Another item that didn’t feature in that particular top ten was password stealing malware that targets online gamers, which was another main contender for Public Enemy Number 1 in 2008 (we use the consolidated detection label Win32/PSW.OnLineGames): while there is no single, simple fix for this type of malware, either, gamers should be aware of the need to (a) run security software (b) be aware that there are people out there bent on tricking you into parting with information that will enable them to steal your virtual assets and sell them on in the real world. 

More later.

David Harley
Director of Malware Intelligence

Author David Harley, ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.