The sequence of autumn epidemics of the Foo family worms (also known as Mimail), which exploited the possibility of trojan components transportation by this type of malware with the main aim to steal commercial confidential information from victim's PCs, pointed out once again to the increasing tendency among virus originators to use mass mailing worms as carriers of the main malicious code. The mail worms attract close attention of the computer security experts working in the financial domain, as more and more incidents are registered, when apart from trivial functions of self-replication via e-mail and a set of standard destructive functions these programs are supplied with the procedures of collection of confidential information and its transmission to malfactors disposal. Different categories of users may get attacked. Nobody is guaranteed against the intrusion – those having a bank account and doing internet-banking, on-line-shoppers and internet chatters. Creators of such programs thoroughly procure for their imperceptible "living" in the victimized machines and not always a computer owner may notice that his or her PC is open to an external invasion. What can be stolen from a computer? Almost any kind of information – data files, e-mail addresses, IP-addresses, passwords, financial information. Special keylogging utilities, if delivered and installed into a system, will vigilantly spy on every key stroke you make. And even if you do not keep the credit card number in your files on the hard disk it still may become known to a criminal through a key strokes sequence. Many remember the Bugbear mass-mailer outbreak in the beginning of the last summer. In addition to its mass-propagating functions the worm had a built-in Trojan keylogging utility which saved the stolen data into a file, that could be accessed remotely through the port that the Trojan would open on the victim's machine. This outbreak became one of the most expensive in the history of the computer virology. Such risks, though very high, can be avoided by strictly following some basic security rules that we would like to remind you of. These rules can definitely help you to significantly reduce the probability to loose your financial and other confidential information when you are online.
- Licensed anti-virus programs and firewalls installed on your computer with regular updates are indispensable conditions of your cyber safety. The installation of a firewall becomes highly important for those who use a broadband connection to the Internet. In the vast expanses of the World Wide Web unprotected and vulnerable systems are tasty morsels of hackers.
- Do not download entertaining programs, applets and images from unreliable and unknown sources. You can download a trouble attached to the entertainment.
- While making payments via the internet make sure your personal info, especially credit card details, will be transferred via a protected protocol.
- When posting your mail address to communication boards try to use the following method of entering the mail address: mail_box_name @ domain_name_point_comIf written in this way the addresses will not fall a prey to a robot hunting for mail addresses but will be understandable for users who really wish to get in touch with you.
- Every month users of internet-banking receive statements of account listing the transactions made. Monthly checking all listed transactions should be a rule for you.
- The ill-intentioned programs using passwords dictionary attacks to penetrate your system became more frequent. Use complex passwords consisting of combinations of numeric and alphabetic symbols, avoid using common words, human names and burth dates.
- There are quite a lot of viruses already disseminating through popular communication channels in the Internet, IRC for example. Never use actual names and e-mail addresses in such conferences, nor publish any private information about you or near relations. Such "chats" are archived and can be used by cyber criminals.
- Credit card companies treat with understanding clients reporting unauthorized operations made with their accounts and giving proofs of them. Do not hesitate to contact your credit card company as soon as you perceive that somebody has been using your account without your permission.
- The Trojanized utilities may infiltrate into any folder of your computer, including the Trash can. Don’t be idle to change beyond recognition a file with the invoice received, or with a statement of account, or any other financial document, before throwing it away to the can. The same concerns the in-coming and out-going messages stored in your mail application.