Defending Against Malware and Trojan Horse Threats

Malware—software written to infect private computers and commit crimes such as fraud and identity theft—has become big business in the cyber underworld. As a result, if you use a computer for web surfing, shopping, banking, email, instant messaging, and gaming without proper protection, you are putting yourself at high risk of being victimized.

By exploiting vulnerabilities in operating systems and browsers, malware can sneak malicious Trojan horse programs onto unsecured PCs. Unsuspecting and unprotected users can also download Trojans, thinking they are legitimate game, music player, movie, and greeting card files. Trojans can also lurk in files shared between friends, family, and coworkers using peer-to-peer file sharing networks.

Trojans have traditionally hidden in worms and viruses spread by email, but they’re increasingly showing up in instant messages and onPDAs and cell phones. Organized crime rings have devised insidious new ways of delivering Trojans, and consumers must stay informed of the latest tricks. Protection against these multi-faceted attacks requires integrated anti-virus, firewall, and anti-spyware technologies. Below are the top 10 things you need to know to protect yourself against malware and Trojan attacks.

What Do Trojans Do?

Today, Trojans can be spread by browser drive-bys, where the program is downloaded in the background when you simply surf to a rigged web site. Shell code runs a Trojan that downloads additional payload code over HTTP—various forms of bots, spyware, back doors, and other Trojan programs. Hackers then send phishing emails to lure users to web sites, where unsuspecting victims are tricked into revealing personal information. Hackers can also exploit security weaknesses on sites, and then piggyback their Trojans onto legitimate software to be downloaded by trusting consumers.

How Does My PC Get a Trojan?

Peer-to-peer (P2P) networking has become a launching pad for viruses. Attackers incorporate spyware, viruses, Trojan horses, and worms into their free downloads. One of the most dangerous features of many P2P programs is the “browse host” feature that allows others to directly connect to your computer and browse through file shares.

P2P can accidentally give access to logins, user IDs and passwords; Quicken files and credit reports; personal information such as letters, chat logs, cookies, and emails; and medical records you accidentally house in accessible folders on your PC. As with email and instant messages, viruses in P2P files are capable of weaving their way through as many users as they can, stealing information and delivering it to cyber criminals who forge identities and commit fraud.

Top 10 Ways to Defend Against Malware and Trojans

Although hackers never stop developing new tricks to commit fraud and steal identities, consumers can take proactive steps to safeguard their systems. All it takes is a combination of robust security software and a commitment to following basic safety rules.

- Protect your computer with strong security software and make sure to keep it up to date. The McAfee® Internet Security guarantees trusted PC protection from Trojans, hackers, spyware, and more. Its integrated anti-virus, anti-spyware, firewall, anti-spam, anti-phishing, and backup technologies work together to combat today’s advanced multi-faceted attacks. It scans disks, email attachments, files downloaded from the web, and documents generated by word processing and spreadsheet programs.

1. Use a security-conscious Internet service provider (ISP) that implements strong anti-spam and anti-phishing procedures. For example, AOL blocks known phishing sites so that customers can’t reach them. The SpamHaus organization lists the current top 10 worst ISPs in this category. Consider this when making your choice.
2. Enable automatic Windows® updates or download Microsoft® updates regularly to keep your operating system patched against known vulnerabilities. Install patches from other software manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the best defense against Trojan and spyware installation.
3. Use extreme caution when opening attachments. Configure your anti-virus software to automatically scan all email and instant message attachments. Make sure your email program doesn’t automatically open attachments or automatically render graphics, and ensure that the preview pane is turned off. This will prevent macros from executing. Refer to your program’s safety options or preferences menu for instructions. Never open unsolicited business emails, or attachments that you’re not expecting—even from people you know.
4. Be careful when engaging in peer-to-peer (P2P) file-sharing. Trojans sit within file sharing programs waiting to be downloaded. Use the same precautions when downloading shared files that you do for email and IM. Avoid downloading files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd. Anti-virus software and a good firewall will protect your system from malicious files.
5. Download the latest version of your browser to ensure that it is also fully updated and utilizes the latest technologies to identify and filter out phishing sites that can install Trojans.
6. Use security precautions for your PDA, cell phone, and Wi-Fi devices. Trojans arrive as an email/IM attachment, are downloaded from the Internet, or are uploaded along with other data from a desktop. Cell phone viruses are in their infancy, but will become more common as more people buy phones with advanced features. Anti-virus software is available for PDAs and cell phones. McAfee also offers trusted security solutions for Wi-Fi.
7. Configure your instant messaging application correctly. Make sure it does not open automatically when you fire up your computer. Turn off your computer and disconnect the DSL or modem line when you’re not using it. Beware of spam-based phishing schemes—don’t click links in emails or IM.
8. Be certain a web site is legitimate before you go there. Use software that automatically checks this, such as AccountGuard from eBay and ScamBlocker from Earthlink. You can also check the validity of individual web addresses (URLs) with a WHOIS search such as www.DNSstuff.com.
9. Back up your files regularly and store the backups somewhere besides your PC. If you fall victim to a Trojan attack, you can recover your photos, music, movies, and personal information like tax returns and bank statements. McAfee PC Protection Plus provides essential protection from viruses, spyware, and hackers along with automatic backups of your hard drive.