By Jordy Berson, Group Product Manager, Check Point Software
A vulnerability in Adobe Acrobat is being used to steal business and government secrets. This exploit entices its victims to open a PDF document, upon which a Trojan is transferred invisibly to the victim's PC. The Trojan secretly records the keystrokes and allows hackers remote access to the victim's computer. This vulnerability has so far been targeted at business executives and government officials. I don't know what's scarier – the attacks that target people like you and me directly to steal our identity, or knowing that our goverment and business officials are being spied on.
The general idea is this: You're surfing the Internet, you land on a Web site, and BAM! Malicious software secretly downloads to your PC. Most of the time you don't even have to click on anything or even stay on the site for more than a moment. But when you leave the site, you take an invisible threat away with you that steals your identity and your privacy.
The Adobe attack is just the latest chapter in a dramatic but predictable story. Nearly every week for the past year, it seems a new drive-by exploit is discovered. Web surfers fall victim. Identities are stolen. Secrets are passed. Virus companies catch up…too late as usual.
Any Web site will do. These types of exploits have been hosted on compromised mainstream sites such as Miami Dolphins and Tom's Hardware and on popular banking sites where you'd never expect them, as well as on riskier sites such as free download sites. The point is that these threats can affect you no matter where you surf and no matter how careful you are.
How likely are you to hit a drive-by? A study by Google concluded that over 1% of all Web searches contain at least one malicious URL which could be a drive-by. So out of 100 Web searches, you'll hit at least one of these. And that's just one of the methods to get you. Phishing sites and other social engineering tactics can land you on a malicious Web site too. And if you do stuff like downloading free screensavers and music and you spend a lot of time social networking, your risks are higher.
So what do you do? Hide your love away…
Hackers love people who run old versions of their software. And you don't want to be loved by hackers! When you run outdated software on your PC, you make it dead easy to get hacked. You're almost asking for it. So please update all your software now…right now. And especially if anybody is using an older version of IE or Firefox (or whatever browser you run)…upgrade immediately! You should be on IE 7 and Firefox 3.
…and get a good traffic cop. The traffic cop is one of the few technologies out there that can stop drive-by downloads. And this one is *the* only one at this time that works automatically (the others require you to change the way you download files and manage your file system). It's our own ZoneAlarm ForceField. In the time its been out, its stopped 100% of drive-by downloads that we've been able to test – theoretical and actual. It does a lot of other stuff too. Try it for free and please tell me what you think of it. Love it or hate it, I'd love to know. It's less than 5MB.