MARCH 2012: Drive-by malware gets into your computer without your clicking on anything or opening an attachment — merely visiting an infected website or opening an infected email is enough.
In fact, this type of malware can even start downloading from your email preview window, making it particularly difficult to avoid.
What initiates the download into your PC, laptop or tablet? There’s a JavaScript in the HTML (coding) that essentially does the “clicking” for you. Once it runs, the malware instantly begins looking for vulnerabilities in your device so it can steal personal information. You don’t even know it’s there.
What can you do to prevent it from happening? Beef up your line of defense!
2012 is going to be a big year for drive-bys because “kits” to create them are all over the black market right now. These kits are highly automated and easy to use, making it simpler than ever to hijack ads on websites, including banner ads, and to send you malware in HTML emails. And now that websites are more complex, the extra add-ons and plug-ins offer more weaknesses to exploit.
Take these five steps now:
1. Disable HTML for incoming email, if possible. This means you’ll receive messages in plain text only with no images, which is not as much fun to look at but definitely safer. You can usually disable HTML in software-based email (Outlook, Apple Mail), but in some cloud-based applications like Gmail and Yahoo! Mail, you can only disable images and not HTML.
2. Install powerful anti-virus software, such as Kaspersky Anti-Virus, McAfee, BitDefender or Panda Antivirus Pro, and keep it running at all times. Make sure to install the updates (don’t chose “Install Later” when the update dialogue box pops up!) because new patches add protection for newly discovered viruses.
3. Be on the lookout for known drive-by emails, especially those supposedly from the Federal Deposit Insurance Corporation using the real domain fdic.com.
4. Use advanced spam filtering options available in your email settings or preferences. The higher the setting, the better the protection, of course, but be aware you may need to add approved addresses so you still get the email you want.
5. Disable Java on your browser. Look for the option in your browser’s preferences. You can always turn it back on if you want to access something in Java, then turn it back off when you’re done.
