Two new, popular malware attacks

It's hard to know which malicious software will break out and have a major impact on the Internet. Two new attacks, one that preys on user fears of malware, and another that exploits our fondness for moving images, are strong candidates for break-out status. Users should beware, and vendors should be patching to help keep them under control.

It's hard to predict which malware program will become the next "big one." Rarely is the particular piece of malware that goes explosively viral (forgive the pun) new or innovative. The famous Melissa virus wasn't the first Microsoft Word macro virus. The Michelangelo boot virus wasn't the first boot virus to overwrite hard drive sectors. Nimba wasn't the first HTML threat. And the Iloveyou worm wasn't the first VBS malware program. The malware that takes off seems to be a combination of just the right social engineering and timing. I've given up on predicting what will become the Next Big Thing.

Although the latest two big threats aren't the lead-off story on CNN Headline News, they have exploited more end-users than any threat of the past few years. My e-mail and cell phone are busy with messages from friends and family exploited and trying to clean up.

The first major threat going around these days is known as XP Antivirus 2008, though it's also known by a few other similar names. A user is socially engineered into installing a bogus anti-virus program, which then, in a not so startling development, detects thousands of malicious viruses, and prompts the user to buy their program to get rid of the malware. Often the only malware program the user has is the XP Antivirus 2008 program itself.

The interesting aspect of this malware program is its capability to modify the normal Microsoft Windows desktop to look as if the status bar is sending an alert message indicating a virus infection. The alert warning looks like an official Microsoft Windows warning, bubbling up from the area where you normally expect legitimate programs to be. The XP Antivirus 2008 program install looks just as official, but once installed asks for money to get rid of the supposed viruses or starts stealing confidential information.

Too late, most users realize they have been scammed by the malware program. The Internet is full of sites and tools attempting to help users disinfect their PCs. Most solutions don't work, no matter how well intended. The malware program is programmed to prevent easy cleanup, including blocking access to Web sites that can offer good help and preventing legitimate cleanup tools from running.

My advice with any successful malware-exploited PC is to back up the data, format your drive, re-install your programs, fully patch, and begin all over again. Change your online passwords and PINs, monitor your credit, and begin your cyberlife anew. Today's malware is criminally motivated and trying to steal all your money, one way or another.