Hackers never sleep, it seems. Just when you think you've battened down the hatches and fully protected yourself or your business from electronic security risks, along comes a new exploit to keep you up at night. It might be an SMS text message with a malevolent payload or a stalker who dogs your every step online. Or maybe it's an emerging technology like in-car Wi-Fi that suddenly creates a whole new attack vector.
Whether you're an IT manager protecting employees and corporate systems or an end-user simply trying to keep your own personal data safe, these threats -- some rapidly growing, others still emerging -- pose a potential risk. Fortunately, there are some security procedures and tools available to help you win the fight against the bad guys.
[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. | Get a dose of daily computer security news by following Roger Grimes on Twitter. ]
1. Text-message malware
While smartphone viruses are still fairly rare, text-messaging attacks are becoming more common, according to Rodney Joffe, senior vice president and senior technologist at mobile messaging company Neustar and director of the Conficker Working Group coalition of security researchers. PCs are now fairly well protected, he says, so some hackers have moved on to mobile devices. Their incentive is mostly financial; text messaging provides a way for them to break in and make money.
Khoi Nguyen, group product manager for mobile security at Symantec, confirmed that text-message attacks aimed at smartphone operating systems are becoming more common as people rely more on mobile devices. It's not just consumers who are at risk from these attacks, he adds. Any employee who falls for a text-message ruse using a company smartphone can jeopardize the business's network and data, and perhaps cause a compliance violation.
"This is a similar type of attack as [is used on] a computer -- an SMS or MMS message that includes an attachment, disguised as a funny or sexy picture, which asks the user to open it," Nguyen explains. "Once they download the picture, it will install malware on the device. Once loaded, it would acquire access privileges, and it spreads through contacts on the phone, [who] would then get a message from that user."
In this way, says Joffe, hackers create botnets for sending text-message spam with links to a product the hacker is selling, usually charging you per message. In some cases, he adds, the malware even starts buying ring tones that are charged on your wireless bill, lining the pocketbook of the hacker selling the ring tones.
Another ruse, says Nguyen, is a text-message link to download an app that supposedly allows free Internet access but is actually a Trojan that sends hundreds of thousands of SMS messages (usually at "premium SMS" rates of $2 each) from the phone.