Print | Send on Yahoo! | PDF version | RSS | Filed Under: ALERTS

Halloween On-Line Safety Tips

Trick or e-threat?

Jokes and pranks, scary stories, wicked costumes and jack-o'-lanterns are all part of the innocent arsenal of Halloween. By moving them to the on-line world and adding some malicious payloads, we obtain the perfect combination for a successful nightmare of systems and data.

The potential Halloween malware offensive, using social engineering strategies and speculating behavioral vectors of attack, such as entertainment and curiosity, will be most likely deployed over three particular channels: social networks, e-mail and Web sites.

Social network platforms, like Twitter^TM and Facebook®, will probably be the most speculated malware distribution channels in the following days. Among the preferred schemes, two of them should be treated with caution.

A possible "Halloween/Creepy/Scary Character" scam, based on the previous Porn Name stratagem, could trick users into revealing private information, such as maiden name or birth place etc, which e-crooks could use to illegally access e-mail or on-line bank accounts.

Users' avid interest for funny pictures and videos could also bring mayhem upon their computers. Automatically generated tweets and posts advertising amusement topics and including poisoned (shortened) URLs towards Web pages distributing malware build the most probable scenario. We have already witnessed similar schemes last month, when Roman Polanski's arrest and Samantha Geimer's abuse were exploited for malicious purposes.

Unsolicited e-mail purporting to deliver Halloween-related jokes, allegedly "hilarious" PowerPoint documents or videos could easily sneak malware into an unprotected system or lure users towards Web sites responsible for malware dissemination. Possibly the best two examples to be found are last year, when similar events took place.

First, in February, the infamous Storm Worm struck millions of systems, with the decoy of a Valentine's Day gift. The e-mail message contained a Web link which led the users to a Web site where they could supposedly download a Valentine card. Instead of receiving a card from a loved one, their system was infected with the Storm Worm and their personal information stolen.

The 232^nd anniversary of the American Independence brought again into the spotlight Trojan.JS.Encrypted.A and Trojan.Peed.JVL, two long-lasting breeds of malware that heavily compromised systems around the world, by registering them into a malware and spam distribution network, while also stealing sensitive data.

To avoid become a victim of cybercriminals, follow the 10 Tips below:

• install and activate a reliable antimalware, firewall solution and spam filter, such as those provided by BitDefender.
• update your antimalware, firewall and spam filter as frequent as possible, with the latest virus definitions and suspicious applications/files signatures.
• check on a regular basis with your operating system provider - download and install the latest security updates and malicious removal tools, as well as other patches or fixes.
• do not open or copy on your computer any file, even if it comes from a trusted source, before running a complete antimalware scan.
• do not open e-mails and e-mail attachments from senders you do not know.
• do not click any links contained in the spam e-mails, including the "unsubscribe" ones; you might trigger other malware and compromise your system's security.
• be sure that your antimalware suite is turned on before clicking any links that you receive on your channel or wall.
• make sure you know who you are following or add as friend.
• avoid placing your e-mail address on websites, guest books, newsgroups, contact lists, shopping or gift lists or making it public on channel or wall.
• do not hesitate to report Twitter or Facebook spammers.

For more information on how to protect yourself on Twitter and other social networking sites, please listen our "BitDefender Offers Twitter Spam Protection Tips" podcast.