Sunday, December 15, 2013

Spam, Bam, Thank You Man

After watching a segment on Sixty Minutes tonight about a computer virus designed to infect a computer at the BIOS level, I was reminded about the ever present and growing cyber threat. Especially during this time of year, one has to be alert and extra vigilant to avoid falling prey to one of the many tricks used to gain personal information you didn't want to share.

The story was about a foiled plot to spread malware to computers at the level of the BIOS, the very heart of every personal computer. This is the code that sits between the operating system like Microsoft Windows and the physical hardware such as the memory and hard drives. Worse than stealing or destroying the data on the machine, controlling this layer could render the machine totally useless. Imagine the impact of massive computer failures in major financial institutions, banks or utility companies. What if a massive amount of government computers suddenly all stopped working and could not be restored?

Malware is usually spread through some form of social engineering. Clever tricks are used to fool people into allowing the bad code to gain access to their computer.  Email disguised as a legitimate message from a friend in need, a bank, retail store or web-based company arrives in your inbox. It invites you in some way to click on a button or a link where the malware resides. You don't realize it but when you click you allow that program to run on your machine with all the rights and access you have.

During the holiday season when we receive so many electronic greeting cards, photos and other messages
from relatives and friends, the challenge is to be sure we do not click before we think long and hard about what may happen.

We receive a message that looks as if it came from our bank warning of an overdraft, our favorite retail store with a special discount or the delivery service (Fed Ex, UPS, USPS) advising of a delivery.  They are each brilliant recreations of the formats actually used by these companies including actual logos.  It is hard not to be taken in.

Before clicking examine the links carefully. Browsers will show you where you are about to go if you hover over the link or hotspot without actually clicking on it.  Look very hard at the address. Note when it does not end with the company domain.  Visit the company site directly to see if the message is legitimate, or if warnings of fraudulent messages have been posted there.

A great way to protect yourself is to create an account with limited privilege for every day use. Use a different, special account to administer your computer. That way, malware will not have deep privilege and you can limit the amount of damage it can do. Change passwords regularly and don't use the same one for every account you have.

When all else fails, be sure you have good solid backup for that long, hard road to recovery.

Captain Joe

Follow me on Twitter @JPuglisiLLC