You don’t need refer to an online hacking weblog to know that it makes sense to invest in malware protection software. The information superhighway that is the internet is a Wild West unto itself in more ways than one; users have always come out chased by hounds.

To begin with, a wide variety of threats, namely online hacking, virus infection, malware infestation etc. stalk any computer user connected to the internet. Most new computer systems are accompanied by bundled anti-virus and malware protection software applications. An alarming trend, however, is that a large number of users choose to neglect the very importance aspect of malware protection and end up exposing their computers to the risk of infection once these bundled applications exceed their validity period and need renewal.

Malware Protection : Nip the Risk in the Bud

Failing to install a firewall, forgetting to update the anti-virus software and clicking on suspicious links, apart from poor malware protection efforts, are among the many unhealthy surfing habits of a majority of netizens. Some are not even aware of the nuisance of adware, or the threat posed by spyware.

Not every site you visit will be a safe place. Not every email you receive will contain safe information. Many viruses enter a website when users visit certain websites (predominately pornographic sites). These viruses can also come from certain emails. Keeping these things in mind and ensuring correct surfing habits are the best malware protection you can get; the software applications come in only as a second line of defense.

Programmers of viruses and other malware have written extremely destructive and devious code; some can even disengage the anti-virus software. This may happen even with paid anit0virus software. What’s important is, that the malware virtually has the run of the system now and can wreak havoc on your files.

This was a very rare case, but if you want adequate malware protection, then you must ensure that you check regularly for updates and scan your computer for viruses everyday, which is something that you can tell your anti-virus software to do automatically by scheduling it in advance.

Other Methods of Malware Protection

The use of a spyware extractor like Ad-Aware can help alleviate chances of browser hijacking and to remove all data-mining files from your hard drive. Many sites will add these features to your computer when you visit their website, they gather data on your personal site visitation and apparent preferences.

Not only can this be personally intrusive but it can also slow your computer down and may result in a significant amount of unwanted emails.

Your hard drive is more important that just a hunk of silicon and electronic boards, especially more so if you use it for business; the data is priceless. You can’t afford to have your computer offline while you deal with the devastating effects of a computer virus, online hacking or deleted files? Hence, if you use your computer to store office files, or if you’re a freelancer using the computer as a workstation, you should know how vital malware protection software and other security measures are.

Keep watching this online hacking weblog for more information on malware protection.

The term cyber terrorism is becoming increasingly common, which you’ll observe on reading any online hacking weblog. Still, a solid definition of the word seems hard to come by. While the phrase is loosely defined, there is a large amount of ambiguity in what exactly constitutes cyber terrorism. In the post September 11 world, this is somewhat disconcerting.

A New Weapon: Cyber Terrorism

In an attempt to define cyber terrorism more logically, a study is made of definitions and attributes of terrorism and terrorist events. From these attributes a list of attributes for traditional terrorism is developed. This attribute list is then examined in detail with the addition of the computer and the Internet considered for each attribute. Using this methodology, the online world and terrorism is synthesized to produce a broader but more useful assessment of the potential impact of computer savvy terrorists. Most importantly, the concept of ‘traditional’ cyber terrorism, which features the computer as the target or the tool is determined to be only a limited part of the true risk faced.

Cyber terrorism has been quite a game changer for the way we build our online defences. In particular, the breadth of the issue poses significant questions for those who argue for vertical solutions to what is certainly a horizontal problem. Thus, the validity of special cyber terrorism task forces that are disconnected or loosely connected with other agencies responsible for fighting the general problem of terrorism is questionable and a broader, more inclusive method more likely to be effective.

Defining Cyber Terrorism

It is difficult for people to come to a consensus regarding what exactly cyber terrorism is. When the people in question are computer security experts who’d be  the architects of our defenses against cyber terrorism, this discrepancy goes from mere annoying to worrisome. When these 10 people represent varied factions of the governmental agencies tasked with protecting our national infrastructure and assets, it becomes a critical issue. However, given the lack of documented scientific support to incorporate various aspects of computer-related crime into the genre ‘cyber terrorism’, this situation should not be surprising.

Despite copious media attention, there is no consensus methodology by which various actions may be placed under the nomenclature ‘cyber terrorism’, yet the term clearly exists in common usage.

However, the reality is that the reader, solution provider, or defender is often left to his own devices as to what the term actually means and thus what solutions should be created (or implemented). When a government’s or corporation’s entire infrastructure may be at stake, subjectivity is useful but may not be the best evaluative tool.

At the same time, research of this phenomenon shows that cyber terrorism cannot easily be defined. This creates a Catch-22 situation: the thing cannot be defined — yet without defining it, one cannot ‘know’ what it is one is fighting and hence come up with a good solution. Furthermore, even when there is an operational agreement on terms, if an attack/security event does not fit into one of the (often narrowly defined) categories, funding (and as a result investigation or technical remedy) may not be forthcoming.

That’s all for now, but keep reading as we’ll continue to update you with more details on online hacking in future posts, with a particular focus on cyber terrorism.

According to an August 2011 study on online hacking by cyber security software company McAfee, networks of nearly 72 organizations including the UN, governments and companies across the world have fallen victim to online hacking attacks since 2006. Besides making this sensational revelation on online hacking, McAfee has also stated that there was a “state factor” behind the online hacking attacks. However, the company shied away from identifying that factor more concretely, leaving a lot of gaps to be filled in by the wild imaginings of online hacking conspiracy theorists.

Online Hacking Weblog: The Victim Parade

McAfee says in a release that a number of organizations which includes the governments of the US, India, South Korea, Vietnam, Canada and Taiwan, as well as groups such as ASEAN, IOC, WADA and several high-tech enterprises have fallen prey to a concerted, coordinated five-year online hacking campaign that was far from random, and was orchestrated as part of a larger, deeper strategy targeted at these governments.

McAfee had notified all 72 victims of the attacks, which are under investigation by law enforcement agencies around the world.

McAfee revealed in its report that the hackers managed to steal data from the computer networks of the UN Secretariat in Geneva for nearly two years. McAfee learned of the extent of the online hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a “command and control” server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.

Discovering Operation Shady RAT

McAfee discovered what it calls as Operation Shady RAT, which was used by the intruders for hacking into the online systems. The company then collected logs that revealed the huge volume of cyber attacks since mid-2006.

According to sources within McAfee, the enormous diversity of the victim organizations and the audacity of the perpetrators was disconcerting even for the seasoned cyber security professionals who’re part of McAfee’s threat research team.

McAfee says in its report that as many as eight organizations were victims of online hacking in 2006. The number increased to 29 by 2007. The number of victimized organized continued to increase in following years as it peaked at 38 in 2009 before a slump in online hacking activity. The slump was perhaps due to the widespread availability of the online hacking countermeasures for the specific intrusion indicators used by this specific perpetrator.

What is happening to all this data obtained through online hacking is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook through online hacking), the loss represents a massive economic threat.

Some of the attacks lasted just a month, but the longest—on  the Olympic Committee of an unidentified Asian nation—went on and off for 28 months, according to McAfee. A McAfee spokesperson further made an as yet unsubstantiated claim that this was the biggest transfer of wealth in terms of intellectual property in history. There’s certainly no doubt that the scale at which this is occurring is disturbing.

Is China Behind the Online Hacking Attacks?

Responding the report, cyber security experts with the Center for Strategic and International Studies stated their belief that it is China that is behind the online hacking campaign, which they claim is indicated by the fact that most of the stolen information was of particular interest to China.

The systems of the IOC and several national Olympic Committees were breached before the 2008 Beijing Games. And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.

This claim was not commented on either by McAfee, or any representatives of the Chinese government. Concerns regarding the report and its potential effects have been escalated to a level where they have come to the attention of UNO, which has started as investigation into the matter.

A Pentagon spokesperson, Air Force Lieutenant Colonel April Cunningham stuck to the official version that the attackers are as yet unidentified. However, Cunningham has also stated that the Department of Defense has already reported to the Congress in 2010 regarding the active pursuit of cyber capabilities initiated by China, with an aim to ex-filtrate sensitive information of a strategic or military utility.

McAfee had published this report earlier this year to coincide with the commencement of the annual Black hat conference in Las Vegas, a confluence of cyber security professionals with a focus to fighting online hacking and cyber crime.

Online hacking of credit card information is an abomination arisen out of a phenomenon that has otherwise done only good for the betterment of mankind.

Purchasing products and services on the internet using credit cards has always been dicey for most people since the early days of the internet. While the internet has evolved, bringing new and improved security measures, the danger of online hacking still lurks. And the trouble with online hacking is that the perpetrators of online hacking are always a step ahead; they discover a fault or a security hole in a system and exploit it to gain unauthorized access to information. When the fault is discovered, they are filled up, leaving online hacking experts to look for other fault lines; and they usually do find them.  When it comes to online usage of credit cards, the ramifications of identity theft, even without considering the potential financial loss, are huge. Your credit card leaves an electronic trail of purchases and anybody stealing the credit card details could effectively be using it for something illegal in your name.

The situation might seem hopeless and you may think that there’s not much you can do short of vowing never to use your credit card online, but that is drastic, unnecessary and inconvenient. Sure, some online merchant sites have other payment options too, but the credit card still remains the most widely offered option. Not using a credit card online is likely to prevent you from availing the awesome deals and sales you can participate in on the internet shopping sites. There are, however, ways and means to improve your defenses against online hacking.

Protecting your Credit Card Information from Online Hacking

The first thing you need to check, when shopping online with a credit card, is to ensure that you’re always on a secure page. Online merchant sites often use a high level of on-page encryption to render their pages secure, so that the sensitive information your provided may not be intercepted. This, however, is unlikely to protect you if you have malware such as keyloggers installed on your system, which is one way that perpetrators of online hacking gain your information. Therefore, using anti-virus as well as anti-spywate software is essential. Another trick that you may be subjected to is through phishing emails. It works like this: you get an email that seems to be from your credit-card company or bank, and everything looks like the real deal. The mail would request you to click on a link which would also look a genuine page of the bank or credit card company. This page, however, is a phishing page, one way of online hacking, that would ask you for your password, credit card number or some other sensitive detail (and you wouldn’t suspect a thing because it seems natural for the page to ask this information). This method of online hacking literally tricks you into giving away your own details. So be careful of any email claiming to be from your bank-salsh-credit card company-slash-online payment processor; doubly so if it contains a link to click on. Always access your bank site or any financial transaction site directly by typing the address into your online browser, the old fashioned way.

Virtual Credit Cards to Fool Online Hacking

Using a payment processor such as Paypal is also a good way to protect yourself while shopping with a credit card online. You’re furnishing your information to only one site (Paypal, in this case) which then proceeds to make payments to the sites you do your purchases from, thus limiting risk by limiting online exposure of your data. The downside is that while these payment processors have a good coverage of online merchant sites to provide you the service, there are still an awful lot of sites which wouldn’t be covered by your payment processors. You see, all processors don’t work for all websites or, for that matter, for all geographical locations.

Using virtual credit cards is another alternative to using credit cards online. These cards eliminate the risk involved in your online credit card transactions by giving you single time useable credit card numbers that can only be used online, and only be used once. Contact your credit card company to know more of these facilities that would help you shop online with your credit card.

Keep watching this space for cyber-security tips and tricks to protect yourself from the dangers of online hacking, whether for credit card information or otherwise.

Last year, 34 percent were born in all the malware that has ever been, according to security company Panda Software on-line.

Statistics released as part of the company’s Annual Security Report 2010 has revealed the biggest threat yet to the Trojans, which included 55.91 percent of the beneficiaries of malware.

The data from PandaLabs also showed spyware made up less than one per cent of malicious software online, whilst 11.6 per cent was fake antivirus software known as ‘rogueware’.

PandaLabs said email spam had still been a major problem in 2010 forming around 95 per cent of all email traffic globally. However, within the year, the figure dropped to 85 per cent.

The survey cited proactive measures such as the dismantling of botnets as helpful to the reduction, saying this had reduced the number of computers being used as zombies to send out spam remotely.

The report states, as well as social networking sites and the growing popularity of smartphones in 2010, the attacker was seen to take advantage of them, using fake Web sites and applications.

It was also the year in which cyber terrorism and cyber-activism, “hacktivism” or become a serious problem. Clearest Stuxnet worm attack nuclear facilities in Iran, Aurora Operation Trojan was launched in large multinational companies and the various functions of the Anonymous hacker group.

Kaspersky Lab presents its assessment of malware action on users’ computers and on the Internet for December.

In December 2010, analysts of the company once again recorded a high level of subversive activities. Kaspersky Lab products blocked over 209 million network-level attacks in recent months, over 67 million groped to infect computers across the network are detected and neutralized over  the 196 million malicious software and recorded nearly 71 million heuristic judgments.

Social engineering and the exploitation of vulnerabilities in legitimate software remained the main methods employed by cybercriminals, though it appears they never cease to hone their skills in other areas. They certainly didn’t pass up the opportunity of jumping on the ‘shortened URL’ bandwagon. Users are increasingly using Internet addresses that have been shortened with the help of special URL shortening services, and they don’t always know that malicious links may be lurking among them. In December the top trends on Twitter’s main page included a number of entries with links that had been shortened using popular services such as bit.ly and alturl.com. After several redirects these links eventually led to infected websites.

In another development, the authors of fake antivirus programs have been busy perfecting their tactics, so much so that two of their creations made it into December’s Top 20 malicious programs detected on the Internet – in 18th and 20th places. Genuine antivirus programs are now so effective at detecting their fake counterparts when they attempt to download to users’ computers that the cybercriminals have moved their wares to the Internet instead. In the latter scenario these rogue programs don’t need to be downloaded to a computer; users just need to be lured to a fake antivirus website, which is a lot easier than bypassing real antivirus protection.

Representatives of the Trojan-Downloader.Java.OpenConnection family remain extremely active. Instead of using vulnerabilities in a Java virtual machine these Trojans employ the OpenConnection method of a URL class – standard functionality of the Java programming language. Two representatives of Trojan-Downloader.Java.OpenConnection were among the Top 20 malicious programs detected on the Internet in December in 2nd and 7th places. At the height of their activity the number of computers on which these programs were detected in a 24-hour period exceeded 40,000.

Topping the list of web-based threats, well ahead of its nearest rival, was the adware program AdWare.Win32.HotBar.dh. As a rule, this program is installed along with legitimate applications and then annoys the user by displaying intrusive advertising. For the first time ever a malicious PDF file that makes use of Adobe XML Forms has made it into the Top 20 online threats. When a user opens the file Exploit.Win32.Pidief.ddl, a script exploit is launched that downloads and runs another malicious program from the Internet. Exploit.Win32.Pidief.ddl occupied 11th place in December’s rating of threats emanating from the Internet.

December also offered virus analysts the chance to monitor cybercriminal activity as it adapted to a new Russian Internet domain. November 2010 saw the beginning of domain name registration in the .ÒÆ (Cyrillic abbreviation for the Russian Federation) zone of the Internet. Online scammers turned out to be most active in the new domain, registering sites that were used to spread malicious programs and make enticing offers of a fraudulent nature.

Three types of malware were detected above all: the music files as false, movies and multimedia, script programs disguised model useful services for the social networking site Odnoklassniki and Trojans to redirect users to pages malicious Web.

More than a third of all malware that has ever existed has been fixed by mobsters in 2010 alone, according to the latest annual report from PandaLabs.

To be precise, the company found that 34 percent of all existing malware has been developed by cyber-criminals last year, banishing forever the image of angry nerd virus created in his studio.

It’s not all bad news however is that there has been a dramatic decline in the rate at which threats are growing: Since 2003, the number of new threats has doubled each, but in 2010 they increased 50 per cent.

An unwelcome trend however, has been the rise in social media malware, in particular Facebook and Twitter, although PandaLabs pointed out that there have also been attacks on other sites like LinkedIn or Fotolog. According to PandaLabs, hackers use several techniques to trick users.

These include the hijacking of Facebook’s ‘Like’ button, identify theft to make it appear that messages are being sent by trusted sources, and the distribution of fake apps.

PandaLabs also pointed out that the year has also seen a rise in activist attacks on websites, so-called hacktivist incidents. Most notably, of course, was the co-ordinated response by the ‘Anonymous’ group in support of Julian Assange of Wikileaks. The DDoS attacks that brought down Mastercard, Visa and PayPal were a reminder of how quickly such attacks could be mobilised.

Another trend is the growing interest in Apple Mac as a hacker target. A few years ago, Mac enthusiasts used to boast about their malware-free machines – that’s not the case any more. PandaLabs doesn’t put any figures on the spread of Mac malware beyond pointing out that the company’s growing market share means that it’s become more vulnerable to attacks.

The banking Trojan remains the most widespread of all malware, accounting for some 56 percent according to PandaLabs. However, there’s a rise in rogueware or fake antivirus software, a category that didn’t even exist five years. PandaLabs said that about 40 percent of all fake antivirus programs were created in 2010. Out of the tottal of 5,651,786 individual examples of fake antivirus programs, of these, 2,285,629 appeared between January and November 2010, said PandaLabs.

The badge of dishonour for the country with the most infected PCs goes to Thailand which has nearly 70,000 infected machines – China and Taiwan are not far behind. The UK does not figure on the list of the worst 20 offenders, although France and Italy do, with about 48,000 infected machines.

Finally, PandaLabs has revealed that spam has continued to raise alarmingly high levels in 2010 despite the Mariposa and Bredolad botnets have fallen. This does not mean that the amount of spam has increased the number made headlines, 95 percent of all email traffic is still high at 85 percent.

PandaLabs believe that many of the trends of 2010 continue in 2011, with more and more examples of cyber-activism, the attacks of the media. SEO threats, an increasing number of attacks on mobile phones and tablets and other evidence of an attack on Macs. In addition, new technologies will also be under threat – let,s see the attacks on Windows 7 and more of hackers trying to exploit HTML 5.

Microsoft Office users should beware a potentially hazardous. Microsoft has announced that it is malware that will have the advantage of vulnerability in Microsoft Office. Microsoft had the known issue in November. Microsoft has released a patch for the threat.

The popular anti-virus company Symantec has listed this as a critical threat. They reported seeing the code “in the wild.” In the wild, is a term used to describe malicious software to see on the Internet. This particular malware may be sent by e-mail. It then uses the error to Microsoft Word infects the host computer.

However, unlike most other types of malware, this particular one doesn’t even have to be opened by a user to infect the computer. An email containing the malware, in the form of a modified rich text format document, simply has to be in the Microsoft Outlook viewing window for it to take advantage of the exploit. In other words, if a user who doesn’t have the patch receives an email with the malware in their Microsoft Outlook, it can infect their computer even if the email isn’t opened. Once infected, the victim’s computer can have programs installed on it, their data viewed, their data changed, or even have their data deleted by the attacker.

Microsoft recommends that everyone download the patch for this vulnerability. The patch is called MS10-087. Microsoft also recommends that everyone keep their antivirus updates. It also encourages users to have an anti-malware installed on your computer.

According to the Star Telegram, which published its new, 21 December 2010, Texas Department of Aging and Disability Services (DAST) website, which have been hit with a malware or a virus that had detached from the Internet in the morning of December 21, 2010.

In the agency said it had temporarily closed the site for security reasons, but did not know exactly what the problem was that even in the absence of information has been compromised. In particular, there is a report of the information system at that location, so that ordinary people can experience power shortages in nursing homes and support services to life.

Further, there’s a registry within the site that reveals misconduct of employees and qualified nurse aides who’ve been prohibited from performing any service in nursing homes. Some vital manuals, handbooks, forms, enforcement statistics along with other types of valuable resources are also included in the website.

Stated Cecilia Fedorov, a spokeswoman for the agency, the department was investigating the entire incident in coordination with Health and Human Services Commission as also computer specialists for unearthing the nature of the malware that infected the TDADS’s computer server. According to her, everything the server contained was being analyzed for ensuring it was safe enough for getting it back to work. Star Telegram reported this.

In a remark, the specialists said there was a rapid growth in cyber-attacks on government and popular websites for disseminating malware over the recent time, while cyber-criminals found them effective in affecting a huge number of users.

They have also warned that hackers are preparing more sophisticated, malicious software has grown in size and activity rather than indicating a decline. Therefore, companies need right now are becoming more aware of how they might implement best security practices to protect their websites and customers with security reputation and sales.

First, be regularly monitored malware on their websites to make sure that no mention was vulnerable to online threats. In addition, organizations that have the costs of monitoring programs on the Web, and focus on the patches and updates for third-party widgets to be installed.

New strains of malware have recently observed a cloud-based service for file-sharing, and its presence may be the Herald and potentially dangerous security threat for Internet users in 2011.

The security firm Kaspersky Lab has recently discovered a malware called “Trojan-Dropper.Win32.Drooptroop.jpa.” The Trojan was found on Rapidshare, a popular file sharing cloud computing and storage services. (Cloud computing is the process by which servers handle external data processing and data storage tasks generally performed by personal computers.)

The particular drooptroop variant (Kaspersky has identified more than 7,000) was first discovered around Christmas and titled “gift.exe.” Once downloaded, the malicious “gift” can intercept browser functions, redirect user requests and allow an attacker to gain access to users’ systems, explained Vicente Diaz, Kaspersky Lab researcher.

Drooptroop also automatically takes users to a rogue antivirus site that attempts to trick them into purchasing antivirus software they don’t need.

What is worrisome for security analysts is that malicious programs, such as drooptroop not appear in the body of the Rapidshare link, which means that it can successfully evade capture by traditional security filters.

As companies become more and more toward the cloud, security experts believe that cyber crooks will adapt to new developments and continue to prosper