Posted by: Troy Tate
For certain malware infection, follow these steps:
1. Do not apply operating system patches.
2. Do not apply application patches.
3. Do open emails from unknown sources.
4. Do open attachments on emails from unknown sources.
5. Do open unexpected attachments appearing to be from known sources. “I’m sure this person meant to send me this PDF file.”
6. Do purchase and install a program which is supposed to fix the detected viruses on your computer. “I was just browsing the web and this window popped up saying I was infected and could fix all my problems with this 2010 SuperAntiMalwareAntiVirusFirewallPreventBuggySoftware application.”
7. Do follow instructions found in an email supposedly from the IRS, a banking institution or the FBI asking for personal information including mother’s maiden name and social security number. The information should be entered on the website link shown in the email.
8. Do blindly click on the link shown in the email supposed to be from the trusted source. Just because the displayed link shows www.mytrustedbank.com and the clicked link shows www.mytrustedbank-com.gotchanow.cn.ru doesn’t mean that the message shouldn’t be obeyed.
9. Do go ahead and install the unsolicited Flash update on your computer. Surely that attached video won’t infect my 2010 SuperAntiMalwareAntiVirusFirewallPreventBuggySoftware protected computer.
10. Do not pay attention to that person over there saying they were infected when they ran the 2010 SuperAntiMalwareAntiVirusFirewallPreventBuggySoftware application. Surely they are not as smart as you.
What other steps would you suggest for becoming malware infected? Share your comments. <remove tongue from cheek>
Just thought I would share these tips with you. If you got this far, you might find this entry in the McAfee Security Insights blog interesting – Operation “Aurora” Hit Google, Others. Basically the attack was multi-layered. It began with social engineering and ended up with outbound data being sent to unknown attackers. It makes for some very interesting reading.
Thanks for reading & let’s continue to be good network citizens!